{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "1262", "CVE_data_timestamp" : "2025-04-20T07:01Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0011", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050928", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050928", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050928", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050928", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1", "name" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1", "name" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0013", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "name" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "name" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4", "name" : "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4", "name" : "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.4.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T21:29Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0014", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "name" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "name" : "http://emberjs.com/blog/2014/01/14/ember-security-releases.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4", "name" : "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4", "name" : "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.4.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emberjs:ember.js:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T21:29Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0021", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/17/9", "name" : "http://www.openwall.com/lists/oss-security/2014/01/17/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/17/9", "name" : "http://www.openwall.com/lists/oss-security/2014/01/17/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/1", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/1", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/3", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/3", "name" : "http://www.openwall.com/lists/oss-security/2014/01/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/19/1", "name" : "http://www.openwall.com/lists/oss-security/2014/01/19/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/19/1", "name" : "http://www.openwall.com/lists/oss-security/2014/01/19/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65035", "name" : "http://www.securityfocus.com/bid/65035", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65035", "name" : "http://www.securityfocus.com/bid/65035", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90925", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90925", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90925", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90925", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0021", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0021", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0021", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Chrony before 1.29.1 has traffic amplification in cmdmon protocol" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:chrony_project:chrony:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-15T15:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0023", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0023", "name" : "https://access.redhat.com/security/cve/cve-2014-0023", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0023", "name" : "https://access.redhat.com/security/cve/cve-2014-0023", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-15T15:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0024", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0025", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1690. Reason: This candidate is a reservation duplicate of CVE-2014-1690. Notes: All CVE users should reference CVE-2014-1690 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-01-28T23:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0026", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0026", "name" : "https://access.redhat.com/security/cve/cve-2014-0026", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0026", "name" : "https://access.redhat.com/security/cve/cve-2014-0026", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "katello-headpin is vulnerable to CSRF in REST API" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-11T15:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0048", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/18", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/18", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/18", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/18", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/22", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/22", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/22", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/22", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/23", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/23", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/23", "name" : "http://www.openwall.com/lists/oss-security/2015/03/24/23", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0048", "name" : "https://access.redhat.com/security/cve/cve-2014-0048", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0048", "name" : "https://access.redhat.com/security/cve/cve-2014-0048", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "name" : "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "name" : "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0048", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0048", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0048", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0048", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T17:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0051", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-15T15:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0052", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-20T15:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0068", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift-origin-node-util:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.0", "versionEndIncluding" : "2.1.1", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-06-30T21:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0070", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-02-27T01:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0083", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-916" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a", "name" : "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a", "name" : "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0083", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0083", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0083", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0083", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-ldap_project:net-ldap:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "0.16.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T14:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0084", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-02-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0087", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/ManageIQ/manageiq/issues/1581", "name" : "https://github.com/ManageIQ/manageiq/issues/1581", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/ManageIQ/manageiq/issues/1581", "name" : "https://github.com/ManageIQ/manageiq/issues/1581", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-11T16:29Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0091", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0091", "name" : "https://access.redhat.com/security/cve/cve-2014-0091", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0091", "name" : "https://access.redhat.com/security/cve/cve-2014-0091", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0091", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0091", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0091", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0091", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Foreman has improper input validation which could lead to partial Denial of Service" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-11T15:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0104", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0104", "name" : "https://access.redhat.com/security/cve/cve-2014-0104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0104", "name" : "https://access.redhat.com/security/cve/cve-2014-0104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0104", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0104", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0104", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clusterlabs:fence-agents:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T17:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0108", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0144", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce", "refsource" : "", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079240", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079240", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079240", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079240", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.vulnerabilitycenter.com/#%21vul=44767", "name" : "https://www.vulnerabilitycenter.com/#%21vul=44767", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.vulnerabilitycenter.com/#%21vul=44767", "name" : "https://www.vulnerabilitycenter.com/#%21vul=44767", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 6.0 } }, "publishedDate" : "2022-09-29T03:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0147", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789", "refsource" : "", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "name" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "name" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078848", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078848", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078848", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078848", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1086717", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1086717", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1086717", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1086717", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.5, "impactScore" : 3.6 } }, "publishedDate" : "2022-09-29T03:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0148", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6", "name" : "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6", "refsource" : "", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "name" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "name" : "http://www.openwall.com/lists/oss-security/2014/03/26/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078212", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078212", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2022-09-29T03:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0156", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff", "name" : "https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff", "name" : "https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://rubysec.com/advisories/CVE-2014-0156/", "name" : "https://rubysec.com/advisories/CVE-2014-0156/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://rubysec.com/advisories/CVE-2014-0156/", "name" : "https://rubysec.com/advisories/CVE-2014-0156/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:manageiq:awesomespawn:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.2.0", "versionEndExcluding" : "1.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-06-30T21:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0158", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1082925", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1082925", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1082925", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1082925", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=871412", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=871412", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=871412", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=871412", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only \"null pointer dereferences, division by zero, and anything that would just fit as DoS.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0161", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0161", "name" : "https://access.redhat.com/security/cve/cve-2014-0161", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0161", "name" : "https://access.redhat.com/security/cve/cve-2014-0161", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.5.0.0", "versionEndExcluding" : "3.5.0.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0163", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0163", "name" : "https://access.redhat.com/security/cve/cve-2014-0163", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0163", "name" : "https://access.redhat.com/security/cve/cve-2014-0163", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-11T16:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0169", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0169", "name" : "https://access.redhat.com/security/cve/cve-2014-0169", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0169", "name" : "https://access.redhat.com/security/cve/cve-2014-0169", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0175", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0175", "name" : "https://access.redhat.com/security/cve/cve-2014-0175", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0175", "name" : "https://access.redhat.com/security/cve/cve-2014-0175", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0175", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0175", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0175", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0175", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mcollective has a default password set at install" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:marionette_collective:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0183", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0183", "name" : "https://access.redhat.com/security/cve/cve-2014-0183", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0183", "name" : "https://access.redhat.com/security/cve/cve-2014-0183", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:subscription_asset_manager:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0194", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-19T10:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0197", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0197", "name" : "https://access.redhat.com/security/cve/cve-2014-0197", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0197", "name" : "https://access.redhat.com/security/cve/cve-2014-0197", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CFME: CSRF protection vulnerability via permissive check of the referrer header" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.9.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0212", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0212", "name" : "https://access.redhat.com/security/cve/cve-2014-0212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0212", "name" : "https://access.redhat.com/security/cve/cve-2014-0212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0212", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-0212", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-0212", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:qpid-cpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0234", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1188" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2014/06/05/19", "name" : "http://openwall.com/lists/oss-security/2014/06/05/19", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2014/06/05/19", "name" : "http://openwall.com/lists/oss-security/2014/06/05/19", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67657", "name" : "http://www.securityfocus.com/bid/67657", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67657", "name" : "http://www.securityfocus.com/bid/67657", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/openshift/openshift-extras/blob/master/README.md", "name" : "https://github.com/openshift/openshift-extras/blob/master/README.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/openshift/openshift-extras/blob/master/README.md", "name" : "https://github.com/openshift/openshift-extras/blob/master/README.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://rhn.redhat.com/errata/RHSA-2014-0487.html", "name" : "https://rhn.redhat.com/errata/RHSA-2014-0487.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://rhn.redhat.com/errata/RHSA-2014-0487.html", "name" : "https://rhn.redhat.com/errata/RHSA-2014-0487.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T01:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0235", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0325, CVE-2014-3538. Reason: This candidate is a duplicate of CVE-2014-0325 and/or CVE-2014-3538. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0325 instead of this candidate for the issue in the Internet Explorer product, and should reference CVE-2014-3538 instead of this candidate for the issue in the file product. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-04-08T23:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0241", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-0241", "name" : "https://access.redhat.com/security/cve/cve-2014-0241", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0241", "name" : "https://access.redhat.com/security/cve/cve-2014-0241", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theforeman:hammer_cli:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0242", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", "name" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", "name" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html", "name" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html", "name" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/21/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/21/1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/21/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/21/1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/67534", "name" : "http://www.securityfocus.com/bid/67534", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67534", "name" : "http://www.securityfocus.com/bid/67534", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:modwsgi:mod_wsgi:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-09T20:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0243", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c", "name" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c", "name" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce", "name" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce", "name" : "http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html", "name" : "FEDORA-2014-6818", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html", "name" : "FEDORA-2014-6818", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html", "name" : "FEDORA-2014-6810", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html", "name" : "FEDORA-2014-6810", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html", "name" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html", "name" : "http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/145", "name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/145", "name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/28/1", "name" : "[oss-security] 20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/28/1", "name" : "[oss-security] 20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67674", "name" : "67674", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67674", "name" : "67674", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101669", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/advisories/58536", "name" : "58536", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/advisories/58536", "name" : "58536", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/archive/1/532224/100/0/threaded", "name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/532224/100/0/threaded", "name" : "20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:check_mk_project:check_mk:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-19T17:29Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0245", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2015:1009", "name" : "https://access.redhat.com/errata/RHSA-2015:1009", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:1009", "name" : "https://access.redhat.com/errata/RHSA-2015:1009", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0245", "name" : "https://access.redhat.com/security/cve/cve-2014-0245", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-0245", "name" : "https://access.redhat.com/security/cve/cve-2014-0245", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_portal:6.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T02:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0252", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0264", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0265", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0291", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0292", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue requiring a CVE ID. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-23T05:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0320", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0346", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-04-07T22:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0352", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2216. Reason: This candidate is a reservation duplicate of CVE-2014-2216. Notes: All CVE users should reference CVE-2014-2216 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-10T18:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0360", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candidate is a duplicate of CVE-2014-2741. Notes: All CVE users should reference CVE-2014-2741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-04-23T20:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0409", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0486", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/70097", "name" : "70097", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70097", "name" : "70097", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185", "name" : "knotdns-cve20140486-dos(96185)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185", "name" : "knotdns-cve20140486-dos(96185)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", "name" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", "name" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nic:knot_cms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0530", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0575", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0579", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0593", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=866966", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=866966", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=866966", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=866966", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93", "name" : "https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93", "name" : "https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-buildservice/2014-03/msg00014.html", "name" : "[opensuse-buildservice] 20140303 EXE package format", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-buildservice/2014-03/msg00014.html", "name" : "[opensuse-buildservice] 20140303 EXE package format", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/de-de/security/cve/CVE-2014-0593/", "name" : "https://www.suse.com/de-de/security/cve/CVE-2014-0593/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/de-de/security/cve/CVE-2014-0593/", "name" : "https://www.suse.com/de-de/security/cve/CVE-2014-0593/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:open_build_service:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.5.3", "versionEndExcluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T17:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0594", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=870606", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=870606", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=870606", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=870606", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8", "name" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8", "name" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-06-08T17:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0606", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was MERGED into CVE-2014-0603 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0603 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-06T11:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0631", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-07T15:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0744", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0756", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0775", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0785", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0788", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0841", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90704", "name" : "ibm-focalpoint-cve20140841-weak-sec(90704)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90704", "name" : "ibm-focalpoint-cve20140841-weak-sec(90704)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_focal_point:6.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0872", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" }, { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90988", "name" : "ibm-tivoli-cve20140872-info-disc(90988)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90988", "name" : "ibm-tivoli-cve20140872-info-disc(90988)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:linux:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.5, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:S/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.5 }, "severity" : "LOW", "exploitabilityScore" : 2.7, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T20:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0881", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/solutions/ht114524", "name" : "https://support.lenovo.com/us/en/solutions/ht114524", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/solutions/ht114524", "name" : "https://support.lenovo.com/us/en/solutions/ht114524", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/", "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/", "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725", "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725", "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.00", "versionEndIncluding" : "3.56", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_x222:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T20:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0882", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/solutions/ht114525", "name" : "https://support.lenovo.com/us/en/solutions/ht114525", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/solutions/ht114525", "name" : "https://support.lenovo.com/us/en/solutions/ht114525", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:3.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:3.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:3.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:3.65:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:integrated_management_module_firmware:3.67:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_manager_7955:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_manager_8731:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_x240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:flex_system_x440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T20:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0883", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163", "refsource" : "", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883", "name" : "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883", "name" : "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  91163." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0900", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://securityintelligence.com/how-to-cheat-your-mdm-compliance-without-a-password/", "name" : "https://securityintelligence.com/how-to-cheat-your-mdm-compliance-without-a-password/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://securityintelligence.com/how-to-cheat-your-mdm-compliance-without-a-password/", "name" : "https://securityintelligence.com/how-to-cheat-your-mdm-compliance-without-a-password/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0912", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92072", "name" : "ibm-sterling-cve20140912-info-disc(92072)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92072", "name" : "ibm-sterling-cve20140912-info-disc(92072)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0927", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92259", "name" : "ibm-sterling-cve20140927-sec-bypass(92259)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92259", "name" : "ibm-sterling-cve20140927-sec-bypass(92259)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0931", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263", "name" : "ibm-clearcase-cve20140931-xxe(92263)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263", "name" : "ibm-clearcase-cve20140931-xxe(92263)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.1", "versionEndIncluding" : "8.0.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0", "versionEndIncluding" : "8.0.0.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1.2", "versionEndIncluding" : "7.1.2.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1", "versionEndIncluding" : "7.1.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1.1", "versionEndIncluding" : "7.1.1.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0950", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675164", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675164", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675164", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675164", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623", "name" : "ibm-clearquest-cve20140950-info-disc(92623)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92623", "name" : "ibm-clearquest-cve20140950-info-disc(92623)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1.1", "versionEndIncluding" : "7.1.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1.2", "versionEndIncluding" : "7.1.2.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.0.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearquest:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.1", "versionEndIncluding" : "8.0.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-0982", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-03-31T14:58Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-100000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1000000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. This CVE id is an example number in https://cve.mitre.org/cve/identifiers/syntaxchange.html. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-02-19T15:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10039", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-19" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1004", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9456. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9456 instead of this candidate" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-10T00:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10043", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10044", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10045", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10046", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the corresponding active timer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10047", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10048", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10049", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-08-30T16:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10050", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8939_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8939:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8976_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8976:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10051", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10052", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, and SDX20, the reserved memory of TZ subsystem (like TZ apps and some PIL image subsystem) is not cleared after being used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10053", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10054", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10055", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10056", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10057", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10058", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10059", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10060", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-08-30T15:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10061", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-08-30T15:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10062", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10063", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10064", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nodesecurity.io/advisories/28", "name" : "https://nodesecurity.io/advisories/28", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/28", "name" : "https://nodesecurity.io/advisories/28", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10065", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jonschlinkert/remarkable/issues/97", "name" : "https://github.com/jonschlinkert/remarkable/issues/97", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jonschlinkert/remarkable/issues/97", "name" : "https://github.com/jonschlinkert/remarkable/issues/97", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/30", "name" : "https://nodesecurity.io/advisories/30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/30", "name" : "https://nodesecurity.io/advisories/30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:remarkable_project:remarkable:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "1.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10066", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nodesecurity.io/advisories/9", "name" : "https://nodesecurity.io/advisories/9", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/9", "name" : "https://nodesecurity.io/advisories/9", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fancy-server_project:fancy-server:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "0.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10067", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/andzdroid/paypal-ipn/issues/11", "name" : "https://github.com/andzdroid/paypal-ipn/issues/11", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/andzdroid/paypal-ipn/issues/11", "name" : "https://github.com/andzdroid/paypal-ipn/issues/11", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/26", "name" : "https://nodesecurity.io/advisories/26", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/26", "name" : "https://nodesecurity.io/advisories/26", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paypal-ipn_project:paypal-ipn:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10068", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", "name" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", "name" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/inert/pull/15", "name" : "https://github.com/hapijs/inert/pull/15", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/inert/pull/15", "name" : "https://github.com/hapijs/inert/pull/15", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/14", "name" : "https://nodesecurity.io/advisories/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/14", "name" : "https://nodesecurity.io/advisories/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hapi:inert:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", "name" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", "name" : "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", "name" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", "name" : "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Manouchehri/hitron-cfg-decrypter", "name" : "https://github.com/Manouchehri/hitron-cfg-decrypter", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/Manouchehri/hitron-cfg-decrypter", "name" : "https://github.com/Manouchehri/hitron-cfg-decrypter", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hitrontech:cve-30360_firmware:3.1.1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:hitrontech:cve-30360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-07T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://zsh.sourceforge.net/releases.html", "name" : "http://zsh.sourceforge.net/releases.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://zsh.sourceforge.net/releases.html", "name" : "http://zsh.sourceforge.net/releases.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", "name" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", "name" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where \"env_reset\" has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zsh_project:zsh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-27T22:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:3073", "name" : "RHSA-2018:3073", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3073", "name" : "RHSA-2018:3073", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055", "name" : "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055", "name" : "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \">& fd\" syntax." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-27T22:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:1932", "name" : "RHSA-2018:1932", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1932", "name" : "RHSA-2018:1932", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3073", "name" : "RHSA-2018:3073", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3073", "name" : "RHSA-2018:3073", "refsource" : "", "tags" : [ ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210", "name" : "https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210", "name" : "https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3593-1/", "name" : "USN-3593-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zsh_project:zsh:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-27T22:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=blob%3Bf=NEWS", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=blob%3Bf=NEWS", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=blob%3Bf=NEWS", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=blob%3Bf=NEWS", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=48739caa745f9f8002e87af574f03e5dc6ae3447", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=48739caa745f9f8002e87af574f03e5dc6ae3447", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=48739caa745f9f8002e87af574f03e5dc6ae3447", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=48739caa745f9f8002e87af574f03e5dc6ae3447", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=8b10426dcc0246c1712a99460dd470dcb1cc4d9c", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=8b10426dcc0246c1712a99460dd470dcb1cc4d9c", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=8b10426dcc0246c1712a99460dd470dcb1cc4d9c", "name" : "http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=commit%3Bh=8b10426dcc0246c1712a99460dd470dcb1cc4d9c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00026.html", "name" : "[debian-lts-announce] 20180424 [SECURITY] [DLA 1361-1] psensor security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00026.html", "name" : "[debian-lts-announce] 20180424 [SECURITY] [DLA 1361-1] psensor security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpitchoune:psensor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10074", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://issues.umbraco.org/issue/U4-5901", "name" : "http://issues.umbraco.org/issue/U4-5901", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://issues.umbraco.org/issue/U4-5901", "name" : "http://issues.umbraco.org/issue/U4-5901", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", "name" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", "name" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-27T04:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10075", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html", "name" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html", "name" : "http://www.vapid.dhs.org/advisories/karo-2.3.8.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=63", "name" : "http://www.vapidlabs.com/advisory.php?v=63", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=63", "name" : "http://www.vapidlabs.com/advisory.php?v=63", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The karo gem 2.3.8 for Ruby allows Remote command injection via the host field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:karo_project:karo:2.3.8:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-05T06:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10076", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapidlabs.com/advisory.php?v=81", "name" : "http://www.vapidlabs.com/advisory.php?v=81", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=81", "name" : "http://www.vapidlabs.com/advisory.php?v=81", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-db-backup_project:wp-db-backup:2.2.4:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-05T06:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10077", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rubysec/ruby-advisory-db/pull/182/files", "name" : "https://github.com/rubysec/ruby-advisory-db/pull/182/files", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rubysec/ruby-advisory-db/pull/182/files", "name" : "https://github.com/rubysec/ruby-advisory-db/pull/182/files", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/svenfuchs/i18n/pull/289", "name" : "https://github.com/svenfuchs/i18n/pull/289", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/svenfuchs/i18n/pull/289", "name" : "https://github.com/svenfuchs/i18n/pull/289", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0", "name" : "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0", "name" : "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html", "name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1584-1] ruby-i18n security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html", "name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1584-1] ruby-i18n security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "0.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-11-06T15:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10078", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/issue/WLB-2018120091", "name" : "https://cxsecurity.com/issue/WLB-2018120091", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cxsecurity.com/issue/WLB-2018120091", "name" : "https://cxsecurity.com/issue/WLB-2018120091", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2014/Aug/8", "name" : "https://seclists.org/fulldisclosure/2014/Aug/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2014/Aug/8", "name" : "https://seclists.org/fulldisclosure/2014/Aug/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/46549/", "name" : "46549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/46549/", "name" : "46549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vembu:storegrid:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-02-23T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/issue/WLB-2018120091", "name" : "https://cxsecurity.com/issue/WLB-2018120091", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cxsecurity.com/issue/WLB-2018120091", "name" : "https://cxsecurity.com/issue/WLB-2018120091", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html", "name" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html", "name" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/fulldisclosure/2014/Aug/8", "name" : "https://seclists.org/fulldisclosure/2014/Aug/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2014/Aug/8", "name" : "https://seclists.org/fulldisclosure/2014/Aug/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/46549/", "name" : "46549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/46549/", "name" : "46549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vembu:storegrid:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-23T14:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10374", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf", "name" : "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf", "name" : "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://twitter.com/TedOnPrivacy/status/1151390589990187008", "name" : "https://twitter.com/TedOnPrivacy/status/1151390589990187008", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://twitter.com/TedOnPrivacy/status/1151390589990187008", "name" : "https://twitter.com/TedOnPrivacy/status/1151390589990187008", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to \"permanent trackability\" and \"considerable privacy concerns\" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fitbit:charge_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fitbit:charge_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-15T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10375", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070", "name" : "http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] }, { "url" : "http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070", "name" : "http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:exosip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-14T05:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10376", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/i-recommend-this/#developers", "name" : "https://wordpress.org/plugins/i-recommend-this/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/i-recommend-this/#developers", "name" : "https://wordpress.org/plugins/i-recommend-this/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeist:i_recommend_this:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-16T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10377", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9812", "name" : "https://wpvulndb.com/vulnerabilities/9812", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9812", "name" : "https://wpvulndb.com/vulnerabilities/9812", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cformsii_project:cformsii:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "13.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10378", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/duplicate-post/#developers", "name" : "https://wordpress.org/plugins/duplicate-post/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/duplicate-post/#developers", "name" : "https://wordpress.org/plugins/duplicate-post/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The duplicate-post plugin before 2.6 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:duplicate_post_project:duplicate_post:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10379", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/duplicate-post/#developers", "name" : "https://wordpress.org/plugins/duplicate-post/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/duplicate-post/#developers", "name" : "https://wordpress.org/plugins/duplicate-post/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The duplicate-post plugin before 2.6 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:duplicate_post_project:duplicate_post:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-21T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10380", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.66", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T18:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10381", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/user-domain-whitelist/#developers", "name" : "https://wordpress.org/plugins/user-domain-whitelist/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/user-domain-whitelist/#developers", "name" : "https://wordpress.org/plugins/user-domain-whitelist/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The user-domain-whitelist plugin before 1.5 for WordPress has CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:user_domain_whitelist_project:user_domain_whitelist:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10382", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/feature-comments/#developers", "name" : "https://wordpress.org/plugins/feature-comments/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/feature-comments/#developers", "name" : "https://wordpress.org/plugins/feature-comments/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pippinsplugins:featured_comments:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10383", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:memphis_documents_library_project:memphis_documents_library:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T14:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10384", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:memphis_documents_library_project:memphis_documents_library:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T14:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10385", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "name" : "https://wordpress.org/plugins/memphis-documents-library/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:memphis_documents_library_project:memphis_documents_library:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T14:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10386", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", "name" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", "name" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:3cx:live_chat:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10387", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10388", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10389", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10391", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "name" : "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10392", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9621", "name" : "https://wpvulndb.com/vulnerabilities/9621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9621", "name" : "https://wpvulndb.com/vulnerabilities/9621", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cforms2 plugin before 10.2 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cformsii_project:cformsii:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10393", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cforms2 plugin before 10.5 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cformsii_project:cformsii:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "10.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/rich-counter/#developers", "name" : "https://wordpress.org/plugins/rich-counter/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/rich-counter/#developers", "name" : "https://wordpress.org/plugins/rich-counter/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:saschart:rich_counter:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10395", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cp-polls/#developers", "name" : "https://wordpress.org/plugins/cp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cp-polls/#developers", "name" : "https://wordpress.org/plugins/cp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:polls_cp:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10396", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/128186/", "name" : "https://packetstormsecurity.com/files/128186/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128186/", "name" : "https://packetstormsecurity.com/files/128186/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:organizedthemes:epic:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-09-20T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10397", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/128188/", "name" : "https://packetstormsecurity.com/files/128188/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128188/", "name" : "https://packetstormsecurity.com/files/128188/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:para:antioch:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2014-09-07", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-09-20T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10398", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bssys:rbs_bs-client._retail_client:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-03T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10399", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-06T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-06T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10401", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a", "name" : "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a", "name" : "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014", "name" : "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014", "name" : "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4509-1/", "name" : "USN-4509-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4509-1/", "name" : "USN-4509-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.632", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-09-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-10402", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html", "name" : "[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html", "name" : "[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.643", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-09-16T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1137", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-10T00:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1155", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9580. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9580 instead of this candidate" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-10T00:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1214", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projoom:smart_flash_header:*:*:*:*:*:joomla\\!:*:*", "versionEndIncluding" : "3.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-13T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1215", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/531144/100/0/threaded", "name" : "20140218 CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/531144/100/0/threaded", "name" : "20140218 CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1226", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", "name" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", "name" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/12", "name" : "20140604 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/12", "name" : "20140604 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/13", "name" : "[oss-security] 20140603 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/13", "name" : "[oss-security] 20140603 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/532278/100/0/threaded", "name" : "20140603 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/532278/100/0/threaded", "name" : "20140603 CVE-2014-1226 s3dvt Root shell (still)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:s3dvt_project:s3dvt:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-06T17:29Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-123456", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1238", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/bugtraq/2014/Jan/41", "name" : "https://seclists.org/bugtraq/2014/Jan/41", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2014/Jan/41", "name" : "https://seclists.org/bugtraq/2014/Jan/41", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ideagen:q-pulse:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125001", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/", "name" : "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/", "name" : "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.13428", "name" : "https://vuldb.com/?id.13428", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.13428", "name" : "https://vuldb.com/?id.13428", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cardosystems:scala_rider_q3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cardosystems:scala_rider_q3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-05-24T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125002", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12588", "name" : "https://vuldb.com/?id.12588", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12588", "name" : "https://vuldb.com/?id.12588", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125003", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12587", "name" : "https://vuldb.com/?id.12587", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12587", "name" : "https://vuldb.com/?id.12587", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125004", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6ba02602aa7fc7d38db582e75b8b093fb3c1608d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6ba02602aa7fc7d38db582e75b8b093fb3c1608d", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6ba02602aa7fc7d38db582e75b8b093fb3c1608d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6ba02602aa7fc7d38db582e75b8b093fb3c1608d", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12586", "name" : "https://vuldb.com/?id.12586", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12586", "name" : "https://vuldb.com/?id.12586", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125005", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3edc3b159503d512c919b3d5902f7026e961823a", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3edc3b159503d512c919b3d5902f7026e961823a", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3edc3b159503d512c919b3d5902f7026e961823a", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3edc3b159503d512c919b3d5902f7026e961823a", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12585", "name" : "https://vuldb.com/?id.12585", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12585", "name" : "https://vuldb.com/?id.12585", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125006", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c55ff393340998faae887dfac19e7ef128e1e58", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c55ff393340998faae887dfac19e7ef128e1e58", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c55ff393340998faae887dfac19e7ef128e1e58", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c55ff393340998faae887dfac19e7ef128e1e58", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12584", "name" : "https://vuldb.com/?id.12584", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12584", "name" : "https://vuldb.com/?id.12584", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125007", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dfefc9097e9b4bb20442e65454a40043bd189b3d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dfefc9097e9b4bb20442e65454a40043bd189b3d", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dfefc9097e9b4bb20442e65454a40043bd189b3d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dfefc9097e9b4bb20442e65454a40043bd189b3d", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12583", "name" : "https://vuldb.com/?id.12583", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12583", "name" : "https://vuldb.com/?id.12583", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125008", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12582", "name" : "https://vuldb.com/?id.12582", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12582", "name" : "https://vuldb.com/?id.12582", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125009", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12393", "name" : "https://vuldb.com/?id.12393", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12393", "name" : "https://vuldb.com/?id.12393", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125010", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91253839e14cce9793ee93f184cef609ca8195d5", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91253839e14cce9793ee93f184cef609ca8195d5", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91253839e14cce9793ee93f184cef609ca8195d5", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91253839e14cce9793ee93f184cef609ca8195d5", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12392", "name" : "https://vuldb.com/?id.12392", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12392", "name" : "https://vuldb.com/?id.12392", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125011", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-681" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12391", "name" : "https://vuldb.com/?id.12391", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12391", "name" : "https://vuldb.com/?id.12391", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125012", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-681" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12390", "name" : "https://vuldb.com/?id.12390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12390", "name" : "https://vuldb.com/?id.12390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125013", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12389", "name" : "https://vuldb.com/?id.12389", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12389", "name" : "https://vuldb.com/?id.12389", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125014", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12367", "name" : "https://vuldb.com/?id.12367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12367", "name" : "https://vuldb.com/?id.12367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125015", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=18f94df8af", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=18f94df8af", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=18f94df8af", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=18f94df8af", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12366", "name" : "https://vuldb.com/?id.12366", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12366", "name" : "https://vuldb.com/?id.12366", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125016", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e5c7229999", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e5c7229999", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e5c7229999", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e5c7229999", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12365", "name" : "https://vuldb.com/?id.12365", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12365", "name" : "https://vuldb.com/?id.12365", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125017", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12340", "name" : "https://vuldb.com/?id.12340", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12340", "name" : "https://vuldb.com/?id.12340", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-18T07:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125018", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a3b85f3a7", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a3b85f3a7", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a3b85f3a7", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a3b85f3a7", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12296", "name" : "https://vuldb.com/?id.12296", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12296", "name" : "https://vuldb.com/?id.12296", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125019", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b25e84b739", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b25e84b739", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b25e84b739", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b25e84b739", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12297", "name" : "https://vuldb.com/?id.12297", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12297", "name" : "https://vuldb.com/?id.12297", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125020", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12298", "name" : "https://vuldb.com/?id.12298", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12298", "name" : "https://vuldb.com/?id.12298", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125021", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=5430839144", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=5430839144", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=5430839144", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=5430839144", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12299", "name" : "https://vuldb.com/?id.12299", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12299", "name" : "https://vuldb.com/?id.12299", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125022", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1713eec29a", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1713eec29a", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1713eec29a", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1713eec29a", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12300", "name" : "https://vuldb.com/?id.12300", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12300", "name" : "https://vuldb.com/?id.12300", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125023", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12301", "name" : "https://vuldb.com/?id.12301", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12301", "name" : "https://vuldb.com/?id.12301", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125024", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4c3e1956ee", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4c3e1956ee", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4c3e1956ee", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4c3e1956ee", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12302", "name" : "https://vuldb.com/?id.12302", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12302", "name" : "https://vuldb.com/?id.12302", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125025", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.12303", "name" : "https://vuldb.com/?id.12303", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.12303", "name" : "https://vuldb.com/?id.12303", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-06-19T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125026", "ASSIGNER" : "security@golang.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898", "name" : "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898", "name" : "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/cloudflare/golz4/issues/5", "name" : "https://github.com/cloudflare/golz4/issues/5", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/cloudflare/golz4/issues/5", "name" : "https://github.com/cloudflare/golz4/issues/5", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://pkg.go.dev/vuln/GO-2020-0022", "name" : "https://pkg.go.dev/vuln/GO-2020-0022", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://pkg.go.dev/vuln/GO-2020-0022", "name" : "https://pkg.go.dev/vuln/GO-2020-0022", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudflare:golz4:*:*:*:*:*:go:*:*", "versionEndExcluding" : "2014-07-11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2022-12-27T22:15Z", "lastModifiedDate" : "2025-04-11T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125027", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4", "name" : "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4", "name" : "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/yunasc/tbdev/releases/tag/v2.1.18", "name" : "https://github.com/yunasc/tbdev/releases/tag/v2.1.18", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/yunasc/tbdev/releases/tag/v2.1.18", "name" : "https://github.com/yunasc/tbdev/releases/tag/v2.1.18", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217147", "name" : "https://vuldb.com/?ctiid.217147", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217147", "name" : "https://vuldb.com/?ctiid.217147", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217147", "name" : "https://vuldb.com/?id.217147", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217147", "name" : "https://vuldb.com/?id.217147", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The patch is named 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tbdev_project:tbdev:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2022-12-31T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125028", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f", "name" : "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f", "name" : "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217148", "name" : "https://vuldb.com/?ctiid.217148", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217148", "name" : "https://vuldb.com/?ctiid.217148", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217148", "name" : "https://vuldb.com/?id.217148", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217148", "name" : "https://vuldb.com/?id.217148", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:valtech:idp_test_clients:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-09-25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2022-12-31T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125029", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", "name" : "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", "name" : "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", "name" : "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", "name" : "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217150", "name" : "https://vuldb.com/?ctiid.217150", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217150", "name" : "https://vuldb.com/?ctiid.217150", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217150", "name" : "https://vuldb.com/?id.217150", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217150", "name" : "https://vuldb.com/?id.217150", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paginationserviceprovider_project:paginationserviceprovider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T22:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125030", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d", "name" : "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d", "name" : "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/taoeffect/empress/pull/61", "name" : "https://github.com/taoeffect/empress/pull/61", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/taoeffect/empress/pull/61", "name" : "https://github.com/taoeffect/empress/pull/61", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217154", "name" : "https://vuldb.com/?ctiid.217154", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217154", "name" : "https://vuldb.com/?ctiid.217154", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217154", "name" : "https://vuldb.com/?id.217154", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217154", "name" : "https://vuldb.com/?id.217154", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:empress_project:empress:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-02", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-01T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125031", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816", "name" : "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory" ] }, { "url" : "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816", "name" : "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217176", "name" : "https://vuldb.com/?ctiid.217176", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217176", "name" : "https://vuldb.com/?ctiid.217176", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217176", "name" : "https://vuldb.com/?id.217176", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217176", "name" : "https://vuldb.com/?id.217176", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 1c575340539f983333aa43fc58ecd76eb53e1816. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217176." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teknet_project:teknet:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-02T08:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125032", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9", "name" : "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9", "name" : "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217177", "name" : "https://vuldb.com/?ctiid.217177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217177", "name" : "https://vuldb.com/?ctiid.217177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217177", "name" : "https://vuldb.com/?id.217177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217177", "name" : "https://vuldb.com/?id.217177", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:go-with-me_project:go-with-me:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T08:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125033", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "name" : "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "name" : "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217178", "name" : "https://vuldb.com/?ctiid.217178", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217178", "name" : "https://vuldb.com/?ctiid.217178", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217178", "name" : "https://vuldb.com/?id.217178", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217178", "name" : "https://vuldb.com/?id.217178", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rails-cv-app_project:rails-cv-app:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-02T08:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125034", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c", "name" : "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c", "name" : "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217183", "name" : "https://vuldb.com/?ctiid.217183", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217183", "name" : "https://vuldb.com/?ctiid.217183", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217183", "name" : "https://vuldb.com/?id.217183", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217183", "name" : "https://vuldb.com/?id.217183", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:contact_app_project:contact_app:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-04", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-02T11:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125035", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b", "name" : "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b", "name" : "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2", "name" : "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2", "name" : "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217189", "name" : "https://vuldb.com/?ctiid.217189", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217189", "name" : "https://vuldb.com/?ctiid.217189", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217189", "name" : "https://vuldb.com/?id.217189", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217189", "name" : "https://vuldb.com/?id.217189", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jobs-plugin_project:jobs-plugin:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-02T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125036", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b", "name" : "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b", "name" : "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217190", "name" : "https://vuldb.com/?ctiid.217190", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217190", "name" : "https://vuldb.com/?ctiid.217190", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217190", "name" : "https://vuldb.com/?id.217190", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217190", "name" : "https://vuldb.com/?id.217190", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ansible-ntp_project:ansible-ntp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-10-08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-02T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125037", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078", "name" : "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078", "name" : "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217191", "name" : "https://vuldb.com/?ctiid.217191", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217191", "name" : "https://vuldb.com/?ctiid.217191", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217191", "name" : "https://vuldb.com/?id.217191", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217191", "name" : "https://vuldb.com/?id.217191", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:license_to_kill_project:license_to_kill:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-05-01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125038", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0", "name" : "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0", "name" : "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217192", "name" : "https://vuldb.com/?ctiid.217192", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217192", "name" : "https://vuldb.com/?ctiid.217192", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217192", "name" : "https://vuldb.com/?id.217192", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217192", "name" : "https://vuldb.com/?id.217192", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:is_projecto2_project:is_projecto2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125039", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6", "name" : "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6", "name" : "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217352", "name" : "https://vuldb.com/?ctiid.217352", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217352", "name" : "https://vuldb.com/?ctiid.217352", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217352", "name" : "https://vuldb.com/?id.217352", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217352", "name" : "https://vuldb.com/?id.217352", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217352." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:neoxplora_project:neoxplora:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-09-30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-04T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125040", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172", "name" : "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172", "name" : "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217484", "name" : "https://vuldb.com/?ctiid.217484", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217484", "name" : "https://vuldb.com/?ctiid.217484", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217484", "name" : "https://vuldb.com/?id.217484", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217484", "name" : "https://vuldb.com/?id.217484", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:devnewsaggregator_project:devnewsaggregator:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T14:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125041", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f", "name" : "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f", "name" : "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217486", "name" : "https://vuldb.com/?ctiid.217486", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217486", "name" : "https://vuldb.com/?ctiid.217486", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217486", "name" : "https://vuldb.com/?id.217486", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217486", "name" : "https://vuldb.com/?id.217486", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progetto-complementi_project:progetto-complementi:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-06-25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T15:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125042", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-01-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125043", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-01-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125044", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-610" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2", "name" : "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2", "name" : "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0", "name" : "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0", "name" : "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217515", "name" : "https://vuldb.com/?ctiid.217515", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217515", "name" : "https://vuldb.com/?ctiid.217515", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217515", "name" : "https://vuldb.com/?id.217515", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217515", "name" : "https://vuldb.com/?id.217515", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wing-tight_project:wing-tight:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125045", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", "name" : "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", "name" : "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217525", "name" : "https://vuldb.com/?ctiid.217525", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217525", "name" : "https://vuldb.com/?ctiid.217525", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217525", "name" : "https://vuldb.com/?id.217525", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217525", "name" : "https://vuldb.com/?id.217525", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:meol1_project:meol1:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-24", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T22:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125046", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31", "name" : "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31", "name" : "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217551", "name" : "https://vuldb.com/?ctiid.217551", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217551", "name" : "https://vuldb.com/?ctiid.217551", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217551", "name" : "https://vuldb.com/?id.217551", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217551", "name" : "https://vuldb.com/?id.217551", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cub-scout-tracker_project:cub-scout-tracker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9-14-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125047", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001", "name" : "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001", "name" : "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217557", "name" : "https://vuldb.com/?ctiid.217557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217557", "name" : "https://vuldb.com/?ctiid.217557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217557", "name" : "https://vuldb.com/?id.217557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217557", "name" : "https://vuldb.com/?id.217557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:school-store_project:school-store:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11-23-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T12:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125048", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7", "name" : "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7", "name" : "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217559", "name" : "https://vuldb.com/?ctiid.217559", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217559", "name" : "https://vuldb.com/?ctiid.217559", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217559", "name" : "https://vuldb.com/?id.217559", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217559", "name" : "https://vuldb.com/?id.217559", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kluks:xingwall:*:*:*:*:*:*:*:*", "versionEndExcluding" : "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 } }, "publishedDate" : "2023-01-06T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125049", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d", "name" : "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d", "name" : "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217560", "name" : "https://vuldb.com/?ctiid.217560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217560", "name" : "https://vuldb.com/?ctiid.217560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217560", "name" : "https://vuldb.com/?id.217560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217560", "name" : "https://vuldb.com/?id.217560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blogile_project:blogile:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-02", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125050", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044", "name" : "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044", "name" : "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ScottTZhang/voter-js/pull/15", "name" : "https://github.com/ScottTZhang/voter-js/pull/15", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ScottTZhang/voter-js/pull/15", "name" : "https://github.com/ScottTZhang/voter-js/pull/15", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217562", "name" : "https://vuldb.com/?ctiid.217562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217562", "name" : "https://vuldb.com/?ctiid.217562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217562", "name" : "https://vuldb.com/?id.217562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217562", "name" : "https://vuldb.com/?id.217562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:voter-js_project:voter-js:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T17:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125051", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9", "name" : "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9", "name" : "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8", "name" : "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8", "name" : "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217564", "name" : "https://vuldb.com/?ctiid.217564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217564", "name" : "https://vuldb.com/?ctiid.217564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217564", "name" : "https://vuldb.com/?id.217564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217564", "name" : "https://vuldb.com/?id.217564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yii2-jqgrid-widget_project:yii2-jqgrid-widget:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T17:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125052", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52", "name" : "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52", "name" : "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217571", "name" : "https://vuldb.com/?ctiid.217571", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217571", "name" : "https://vuldb.com/?ctiid.217571", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217571", "name" : "https://vuldb.com/?id.217571", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217571", "name" : "https://vuldb.com/?id.217571", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sparql-identifiers_project:sparql-identifiers:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-05-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125053", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d", "name" : "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d", "name" : "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1", "name" : "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1", "name" : "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217582", "name" : "https://vuldb.com/?ctiid.217582", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217582", "name" : "https://vuldb.com/?ctiid.217582", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217582", "name" : "https://vuldb.com/?id.217582", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217582", "name" : "https://vuldb.com/?id.217582", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The patch is identified as 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:guestbook:*:*:*:*:*:piwigo:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T23:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125054", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030", "name" : "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030", "name" : "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217594", "name" : "https://vuldb.com/?ctiid.217594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217594", "name" : "https://vuldb.com/?ctiid.217594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217594", "name" : "https://vuldb.com/?id.217594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217594", "name" : "https://vuldb.com/?id.217594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reddit-on-rails_project:reddit-on-rails:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "2014-12-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-07T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125055", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812", "name" : "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812", "name" : "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0", "name" : "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0", "name" : "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217596", "name" : "https://vuldb.com/?ctiid.217596", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217596", "name" : "https://vuldb.com/?ctiid.217596", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217596", "name" : "https://vuldb.com/?id.217596", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217596", "name" : "https://vuldb.com/?id.217596", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy-script_project:easy-script:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-07T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125056", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "name" : "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "name" : "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217598", "name" : "https://vuldb.com/?ctiid.217598", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217598", "name" : "https://vuldb.com/?ctiid.217598", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217598", "name" : "https://vuldb.com/?id.217598", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217598", "name" : "https://vuldb.com/?id.217598", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pylonsproject:horus:*:*:*:*:*:pyramid:*:*", "versionEndExcluding" : "2014-05-07", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-07T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125057", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-697" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197", "name" : "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197", "name" : "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217599", "name" : "https://vuldb.com/?ctiid.217599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217599", "name" : "https://vuldb.com/?ctiid.217599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217599", "name" : "https://vuldb.com/?id.217599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217599", "name" : "https://vuldb.com/?id.217599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:robitailletheknot_project:robitailletheknot:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125058", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e", "name" : "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e", "name" : "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217607", "name" : "https://vuldb.com/?ctiid.217607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217607", "name" : "https://vuldb.com/?ctiid.217607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217607", "name" : "https://vuldb.com/?id.217607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217607", "name" : "https://vuldb.com/?id.217607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:address_book_project:address_book:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T11:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125059", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a", "name" : "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a", "name" : "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0", "name" : "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0", "name" : "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217613", "name" : "https://vuldb.com/?ctiid.217613", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217613", "name" : "https://vuldb.com/?ctiid.217613", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217613", "name" : "https://vuldb.com/?id.217613", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217613", "name" : "https://vuldb.com/?id.217613", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sternenblog_project:sternenblog:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-08-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125060", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6", "name" : "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6", "name" : "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217614", "name" : "https://vuldb.com/?ctiid.217614", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217614", "name" : "https://vuldb.com/?ctiid.217614", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217614", "name" : "https://vuldb.com/?id.217614", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217614", "name" : "https://vuldb.com/?id.217614", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:collabcal_project:collabcal:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125061", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef", "name" : "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef", "name" : "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217616", "name" : "https://vuldb.com/?ctiid.217616", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217616", "name" : "https://vuldb.com/?ctiid.217616", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217616", "name" : "https://vuldb.com/?id.217616", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217616", "name" : "https://vuldb.com/?id.217616", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:filebroker_project:filebroker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-02-18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125062", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a", "name" : "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a", "name" : "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217621", "name" : "https://vuldb.com/?ctiid.217621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217621", "name" : "https://vuldb.com/?ctiid.217621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217621", "name" : "https://vuldb.com/?id.217621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217621", "name" : "https://vuldb.com/?id.217621", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitstorm_project:bitstorm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T17:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125063", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222", "name" : "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222", "name" : "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217625", "name" : "https://vuldb.com/?ctiid.217625", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217625", "name" : "https://vuldb.com/?ctiid.217625", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217625", "name" : "https://vuldb.com/?id.217625", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217625", "name" : "https://vuldb.com/?id.217625", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bid_project:bid:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125064", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-01-07T20:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125065", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875", "name" : "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875", "name" : "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217632", "name" : "https://vuldb.com/?ctiid.217632", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217632", "name" : "https://vuldb.com/?ctiid.217632", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217632", "name" : "https://vuldb.com/?id.217632", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217632", "name" : "https://vuldb.com/?id.217632", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bottle-auth_project:bottle-auth:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125066", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0", "name" : "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0", "name" : "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217636", "name" : "https://vuldb.com/?ctiid.217636", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217636", "name" : "https://vuldb.com/?ctiid.217636", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217636", "name" : "https://vuldb.com/?id.217636", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217636", "name" : "https://vuldb.com/?id.217636", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yuko-bot_project:yuko-bot:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11-13-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-08T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125067", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb", "name" : "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb", "name" : "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.217639", "name" : "https://vuldb.com/?ctiid.217639", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217639", "name" : "https://vuldb.com/?ctiid.217639", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217639", "name" : "https://vuldb.com/?id.217639", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217639", "name" : "https://vuldb.com/?id.217639", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The patch is named d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:curiosity_project:curiosity:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12-07-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-08T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125068", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "name" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "name" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217643", "name" : "https://vuldb.com/?ctiid.217643", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217643", "name" : "https://vuldb.com/?ctiid.217643", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217643", "name" : "https://vuldb.com/?id.217643", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217643", "name" : "https://vuldb.com/?id.217643", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maps-js-icoads_project:maps-js-icoads:*:*:*:*:*:*:*:*", "versionEndExcluding" : "09-02-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-08T11:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125069", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "name" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "name" : "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217644", "name" : "https://vuldb.com/?ctiid.217644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217644", "name" : "https://vuldb.com/?ctiid.217644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217644", "name" : "https://vuldb.com/?id.217644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217644", "name" : "https://vuldb.com/?id.217644", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maps-js-icoads_project:maps-js-icoads:*:*:*:*:*:*:*:*", "versionEndExcluding" : "09-02-2014", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-08T11:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125070", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", "name" : "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", "name" : "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.217651", "name" : "https://vuldb.com/?ctiid.217651", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217651", "name" : "https://vuldb.com/?ctiid.217651", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217651", "name" : "https://vuldb.com/?id.217651", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217651", "name" : "https://vuldb.com/?id.217651", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:console_project:console:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-08-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-08T18:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125071", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd", "name" : "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd", "name" : "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217716", "name" : "https://vuldb.com/?ctiid.217716", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217716", "name" : "https://vuldb.com/?ctiid.217716", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217716", "name" : "https://vuldb.com/?id.217716", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217716", "name" : "https://vuldb.com/?id.217716", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gribbit_project:gribbit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-31", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125072", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1", "name" : "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1", "name" : "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.217719", "name" : "https://vuldb.com/?ctiid.217719", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217719", "name" : "https://vuldb.com/?ctiid.217719", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217719", "name" : "https://vuldb.com/?id.217719", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217719", "name" : "https://vuldb.com/?id.217719", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:klattr_project:klattr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-09-04", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-09T22:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125073", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72", "name" : "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72", "name" : "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217790", "name" : "https://vuldb.com/?ctiid.217790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217790", "name" : "https://vuldb.com/?ctiid.217790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217790", "name" : "https://vuldb.com/?id.217790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217790", "name" : "https://vuldb.com/?id.217790", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:voteapp_project:voteapp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-10T16:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125074", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae", "name" : "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae", "name" : "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218005", "name" : "https://vuldb.com/?ctiid.218005", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218005", "name" : "https://vuldb.com/?ctiid.218005", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218005", "name" : "https://vuldb.com/?id.218005", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218005", "name" : "https://vuldb.com/?id.218005", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:voyager_project:voyager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-11-17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T15:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125075", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", "name" : "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", "name" : "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218021", "name" : "https://vuldb.com/?ctiid.218021", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218021", "name" : "https://vuldb.com/?ctiid.218021", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218021", "name" : "https://vuldb.com/?id.218021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218021", "name" : "https://vuldb.com/?id.218021", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gmail-servlet_project:gmail-servlet:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125076", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897", "name" : "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897", "name" : "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218022", "name" : "https://vuldb.com/?ctiid.218022", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218022", "name" : "https://vuldb.com/?ctiid.218022", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218022", "name" : "https://vuldb.com/?id.218022", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218022", "name" : "https://vuldb.com/?id.218022", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identified as 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:criminals_project:criminals:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125077", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/pointhi/searx_stats/commit/281bd679a4474ddb222d16c1c380f252839cc18f", "name" : "https://github.com/pointhi/searx_stats/commit/281bd679a4474ddb222d16c1c380f252839cc18f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/pointhi/searx_stats/commit/281bd679a4474ddb222d16c1c380f252839cc18f", "name" : "https://github.com/pointhi/searx_stats/commit/281bd679a4474ddb222d16c1c380f252839cc18f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218351", "name" : "https://vuldb.com/?ctiid.218351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218351", "name" : "https://vuldb.com/?ctiid.218351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218351", "name" : "https://vuldb.com/?id.218351", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218351", "name" : "https://vuldb.com/?id.218351", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:searx_stats_project:searx_stats:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-12-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125078", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd", "name" : "https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd", "name" : "https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218354", "name" : "https://vuldb.com/?ctiid.218354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218354", "name" : "https://vuldb.com/?ctiid.218354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218354", "name" : "https://vuldb.com/?id.218354", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218354", "name" : "https://vuldb.com/?id.218354", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horizon_project:horizon:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-07-08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-15T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125079", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/agy/pontifex.http/commit/e52a758f96861dcef2dabfecb9da191bb2e07761", "name" : "https://github.com/agy/pontifex.http/commit/e52a758f96861dcef2dabfecb9da191bb2e07761", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/agy/pontifex.http/commit/e52a758f96861dcef2dabfecb9da191bb2e07761", "name" : "https://github.com/agy/pontifex.http/commit/e52a758f96861dcef2dabfecb9da191bb2e07761", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/agy/pontifex.http/releases/tag/v0.1.0", "name" : "https://github.com/agy/pontifex.http/releases/tag/v0.1.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/agy/pontifex.http/releases/tag/v0.1.0", "name" : "https://github.com/agy/pontifex.http/releases/tag/v0.1.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218356", "name" : "https://vuldb.com/?ctiid.218356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218356", "name" : "https://vuldb.com/?ctiid.218356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218356", "name" : "https://vuldb.com/?id.218356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218356", "name" : "https://vuldb.com/?id.218356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is e52a758f96861dcef2dabfecb9da191bb2e07761. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218356." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pontifex.http_project:pontifex.http:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T09:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125080", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50", "name" : "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50", "name" : "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218398", "name" : "https://vuldb.com/?ctiid.218398", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218398", "name" : "https://vuldb.com/?ctiid.218398", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218398", "name" : "https://vuldb.com/?id.218398", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218398", "name" : "https://vuldb.com/?id.218398", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:faplanet_project:faplanet:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-05-21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T18:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125081", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76", "name" : "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76", "name" : "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218459", "name" : "https://vuldb.com/?ctiid.218459", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218459", "name" : "https://vuldb.com/?ctiid.218459", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218459", "name" : "https://vuldb.com/?id.218459", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218459", "name" : "https://vuldb.com/?id.218459", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debutsav_project:debutsav:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-10-05", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T23:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125082", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nivit/redports/commit/fc2c1ea1b8d795094abb15ac73cab90830534e04", "name" : "https://github.com/nivit/redports/commit/fc2c1ea1b8d795094abb15ac73cab90830534e04", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/nivit/redports/commit/fc2c1ea1b8d795094abb15ac73cab90830534e04", "name" : "https://github.com/nivit/redports/commit/fc2c1ea1b8d795094abb15ac73cab90830534e04", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218464", "name" : "https://vuldb.com/?ctiid.218464", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218464", "name" : "https://vuldb.com/?ctiid.218464", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218464", "name" : "https://vuldb.com/?id.218464", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218464", "name" : "https://vuldb.com/?id.218464", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218464." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redports_project:redports:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-01-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-18T00:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125083", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7", "name" : "https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7", "name" : "https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.218911", "name" : "https://vuldb.com/?ctiid.218911", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218911", "name" : "https://vuldb.com/?ctiid.218911", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218911", "name" : "https://vuldb.com/?id.218911", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218911", "name" : "https://vuldb.com/?id.218911", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:anant:google-enterprise-connector-dctm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-19T10:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125084", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gimmie/vbulletin-v4/commit/7194a09353dd24a274678383a4418f2fd3fce6f7", "name" : "https://github.com/gimmie/vbulletin-v4/commit/7194a09353dd24a274678383a4418f2fd3fce6f7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/commit/7194a09353dd24a274678383a4418f2fd3fce6f7", "name" : "https://github.com/gimmie/vbulletin-v4/commit/7194a09353dd24a274678383a4418f2fd3fce6f7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220205", "name" : "https://vuldb.com/?ctiid.220205", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220205", "name" : "https://vuldb.com/?ctiid.220205", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220205", "name" : "https://vuldb.com/?id.220205", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220205", "name" : "https://vuldb.com/?id.220205", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gimmie_project:gimmie:*:*:*:*:*:vbulletin:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-06T00:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125085", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed", "name" : "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed", "name" : "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220206", "name" : "https://vuldb.com/?ctiid.220206", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220206", "name" : "https://vuldb.com/?ctiid.220206", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220206", "name" : "https://vuldb.com/?id.220206", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220206", "name" : "https://vuldb.com/?id.220206", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is identified as f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gimmie_project:gimmie:*:*:*:*:*:vbulletin:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-06T00:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125086", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b", "name" : "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b", "name" : "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "name" : "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220207", "name" : "https://vuldb.com/?ctiid.220207", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220207", "name" : "https://vuldb.com/?ctiid.220207", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220207", "name" : "https://vuldb.com/?id.220207", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220207", "name" : "https://vuldb.com/?id.220207", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gimmie_project:gimmie:*:*:*:*:*:vbulletin:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-06T04:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125087", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73", "name" : "https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73", "name" : "https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jmurty/java-xmlbuilder/issues/6", "name" : "https://github.com/jmurty/java-xmlbuilder/issues/6", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/jmurty/java-xmlbuilder/issues/6", "name" : "https://github.com/jmurty/java-xmlbuilder/issues/6", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2", "name" : "https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2", "name" : "https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240208-0009/", "name" : "https://security.netapp.com/advisory/ntap-20240208-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240208-0009/", "name" : "https://security.netapp.com/advisory/ntap-20240208-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.221480", "name" : "https://vuldb.com/?ctiid.221480", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221480", "name" : "https://vuldb.com/?ctiid.221480", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221480", "name" : "https://vuldb.com/?id.221480", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221480", "name" : "https://vuldb.com/?id.221480", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:java-xmlbuilder_project:java-xmlbuilder:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-19T17:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125088", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/qt-users-jp/silk/commit/bbc5d6eeea800025ef29edda3fd3c57836239eae", "name" : "https://github.com/qt-users-jp/silk/commit/bbc5d6eeea800025ef29edda3fd3c57836239eae", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/qt-users-jp/silk/commit/bbc5d6eeea800025ef29edda3fd3c57836239eae", "name" : "https://github.com/qt-users-jp/silk/commit/bbc5d6eeea800025ef29edda3fd3c57836239eae", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221488", "name" : "https://vuldb.com/?ctiid.221488", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221488", "name" : "https://vuldb.com/?ctiid.221488", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221488", "name" : "https://vuldb.com/?id.221488", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221488", "name" : "https://vuldb.com/?id.221488", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qt-users:silk:0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-20T08:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125089", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cention-mujibur-rahman/cention-chatserver/commit/c4c0258bbd18f6915f97f91d5fee625384096a26", "name" : "https://github.com/cention-mujibur-rahman/cention-chatserver/commit/c4c0258bbd18f6915f97f91d5fee625384096a26", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/cention-mujibur-rahman/cention-chatserver/commit/c4c0258bbd18f6915f97f91d5fee625384096a26", "name" : "https://github.com/cention-mujibur-rahman/cention-chatserver/commit/c4c0258bbd18f6915f97f91d5fee625384096a26", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/cention-mujibur-rahman/cention-chatserver/releases/tag/3.9", "name" : "https://github.com/cention-mujibur-rahman/cention-chatserver/releases/tag/3.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/cention-mujibur-rahman/cention-chatserver/releases/tag/3.9", "name" : "https://github.com/cention-mujibur-rahman/cention-chatserver/releases/tag/3.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.221497", "name" : "https://vuldb.com/?ctiid.221497", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221497", "name" : "https://vuldb.com/?ctiid.221497", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221497", "name" : "https://vuldb.com/?id.221497", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221497", "name" : "https://vuldb.com/?id.221497", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The identifier of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cention-chatserver_project:cention-chatserver:3.8.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-21T03:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125090", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/media-downloader/commit/77beb720c682b9300035ab5f96eee225181d8a92", "name" : "https://github.com/wp-plugins/media-downloader/commit/77beb720c682b9300035ab5f96eee225181d8a92", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/media-downloader/commit/77beb720c682b9300035ab5f96eee225181d8a92", "name" : "https://github.com/wp-plugins/media-downloader/commit/77beb720c682b9300035ab5f96eee225181d8a92", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.222262", "name" : "https://vuldb.com/?ctiid.222262", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222262", "name" : "https://vuldb.com/?ctiid.222262", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222262", "name" : "https://vuldb.com/?id.222262", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222262", "name" : "https://vuldb.com/?id.222262", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The patch is identified as 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:media_downloader_project:media_downloader:0.1.992:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-04T20:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125091", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2", "name" : "https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2", "name" : "https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/cp-polls/releases/tag/1.0.2", "name" : "https://github.com/wp-plugins/cp-polls/releases/tag/1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/cp-polls/releases/tag/1.0.2", "name" : "https://github.com/wp-plugins/cp-polls/releases/tag/1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222268", "name" : "https://vuldb.com/?ctiid.222268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222268", "name" : "https://vuldb.com/?ctiid.222268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222268", "name" : "https://vuldb.com/?id.222268", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222268", "name" : "https://vuldb.com/?id.222268", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:polls_cp:1.0.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-04T22:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125092", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/maxbuttons/commit/e74564c9e3b7429808e317f4916bd1c26ef0b806", "name" : "https://github.com/wp-plugins/maxbuttons/commit/e74564c9e3b7429808e317f4916bd1c26ef0b806", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/maxbuttons/commit/e74564c9e3b7429808e317f4916bd1c26ef0b806", "name" : "https://github.com/wp-plugins/maxbuttons/commit/e74564c9e3b7429808e317f4916bd1c26ef0b806", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/maxbuttons/releases/tag/1.26.1", "name" : "https://github.com/wp-plugins/maxbuttons/releases/tag/1.26.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/maxbuttons/releases/tag/1.26.1", "name" : "https://github.com/wp-plugins/maxbuttons/releases/tag/1.26.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222323", "name" : "https://vuldb.com/?ctiid.222323", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222323", "name" : "https://vuldb.com/?ctiid.222323", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222323", "name" : "https://vuldb.com/?id.222323", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222323", "name" : "https://vuldb.com/?id.222323", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The patch is named e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.26.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-05T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125093", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/ad-blocking-detector/commit/3312b9cd79e5710d1e282fc9216a4e5ab31b3d94", "name" : "https://github.com/wp-plugins/ad-blocking-detector/commit/3312b9cd79e5710d1e282fc9216a4e5ab31b3d94", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/ad-blocking-detector/commit/3312b9cd79e5710d1e282fc9216a4e5ab31b3d94", "name" : "https://github.com/wp-plugins/ad-blocking-detector/commit/3312b9cd79e5710d1e282fc9216a4e5ab31b3d94", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/ad-blocking-detector/releases/tag/1.2.2", "name" : "https://github.com/wp-plugins/ad-blocking-detector/releases/tag/1.2.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/ad-blocking-detector/releases/tag/1.2.2", "name" : "https://github.com/wp-plugins/ad-blocking-detector/releases/tag/1.2.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222610", "name" : "https://vuldb.com/?ctiid.222610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222610", "name" : "https://vuldb.com/?ctiid.222610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222610", "name" : "https://vuldb.com/?id.222610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222610", "name" : "https://vuldb.com/?id.222610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The patch is identified as 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getadmiral:ad_blocking_detector:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-03-10T02:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125094", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md", "name" : "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md", "name" : "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.225001", "name" : "https://vuldb.com/?ctiid.225001", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.225001", "name" : "https://vuldb.com/?ctiid.225001", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.225001", "name" : "https://vuldb.com/?id.225001", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.225001", "name" : "https://vuldb.com/?id.225001", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpminiadmin_project:phpminiadmin:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.140405", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125095", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f", "name" : "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f", "name" : "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225320", "name" : "https://vuldb.com/?ctiid.225320", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225320", "name" : "https://vuldb.com/?ctiid.225320", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225320", "name" : "https://vuldb.com/?id.225320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225320", "name" : "https://vuldb.com/?id.225320", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:contact_form:1.3.4:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-09T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125096", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d", "name" : "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d", "name" : "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225349", "name" : "https://vuldb.com/?ctiid.225349", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225349", "name" : "https://vuldb.com/?ctiid.225349", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225349", "name" : "https://vuldb.com/?id.225349", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225349", "name" : "https://vuldb.com/?id.225349", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The identifier of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fancy_gallery_project:fancy_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-10T03:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125097", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c", "name" : "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c", "name" : "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225354", "name" : "https://vuldb.com/?ctiid.225354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225354", "name" : "https://vuldb.com/?ctiid.225354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225354", "name" : "https://vuldb.com/?id.225354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225354", "name" : "https://vuldb.com/?id.225354", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:facebook_button:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-10T04:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125098", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://codereview.chromium.org/225813002", "name" : "https://codereview.chromium.org/225813002", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://codereview.chromium.org/225813002", "name" : "https://codereview.chromium.org/225813002", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb", "name" : "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb", "name" : "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/dart-archive/http_server/releases/tag/0.9.6", "name" : "https://github.com/dart-archive/http_server/releases/tag/0.9.6", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/dart-archive/http_server/releases/tag/0.9.6", "name" : "https://github.com/dart-archive/http_server/releases/tag/0.9.6", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.225356", "name" : "https://vuldb.com/?ctiid.225356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225356", "name" : "https://vuldb.com/?ctiid.225356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225356", "name" : "https://vuldb.com/?id.225356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225356", "name" : "https://vuldb.com/?id.225356", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dart:http_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.9.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-10T04:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125099", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649", "name" : "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649", "name" : "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3", "name" : "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3", "name" : "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.226309", "name" : "https://vuldb.com/?ctiid.226309", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.226309", "name" : "https://vuldb.com/?ctiid.226309", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226309", "name" : "https://vuldb.com/?id.226309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226309", "name" : "https://vuldb.com/?id.226309", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeist:i_recommend_this:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-20T06:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125100", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940", "name" : "https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940", "name" : "https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.227764", "name" : "https://vuldb.com/?ctiid.227764", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.227764", "name" : "https://vuldb.com/?ctiid.227764", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.227764", "name" : "https://vuldb.com/?id.227764", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.227764", "name" : "https://vuldb.com/?id.227764", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:job_board:1.0.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-05-02T02:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125101", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3", "name" : "https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3", "name" : "https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230085", "name" : "https://vuldb.com/?ctiid.230085", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230085", "name" : "https://vuldb.com/?ctiid.230085", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230085", "name" : "https://vuldb.com/?id.230085", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230085", "name" : "https://vuldb.com/?id.230085", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The identifier of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:huge-it:portfolio_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125102", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3", "name" : "https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3", "name" : "https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230113", "name" : "https://vuldb.com/?ctiid.230113", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.230113", "name" : "https://vuldb.com/?ctiid.230113", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230113", "name" : "https://vuldb.com/?id.230113", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230113", "name" : "https://vuldb.com/?id.230113", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:relevant:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-05-29T23:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125103", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c", "name" : "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c", "name" : "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230155", "name" : "https://vuldb.com/?ctiid.230155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.230155", "name" : "https://vuldb.com/?ctiid.230155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230155", "name" : "https://vuldb.com/?id.230155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230155", "name" : "https://vuldb.com/?id.230155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The patch is named e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-05-31T03:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125104", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3", "name" : "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3", "name" : "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1", "name" : "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1", "name" : "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.230263", "name" : "https://vuldb.com/?ctiid.230263", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230263", "name" : "https://vuldb.com/?ctiid.230263", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230263", "name" : "https://vuldb.com/?id.230263", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230263", "name" : "https://vuldb.com/?id.230263", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:vaultpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-06-01T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125105", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", "name" : "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", "name" : "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", "name" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", "name" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.230659", "name" : "https://vuldb.com/?ctiid.230659", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230659", "name" : "https://vuldb.com/?ctiid.230659", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230659", "name" : "https://vuldb.com/?id.230659", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230659", "name" : "https://vuldb.com/?id.230659", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The patch is named 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.10.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-05T01:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125106", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt", "name" : "https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt", "name" : "https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168", "name" : "https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168", "name" : "https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1", "name" : "https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1", "name" : "https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nanopb_project:nanopb:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-06-17T22:15Z", "lastModifiedDate" : "2024-12-17T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125107", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Corveda/PHPSandbox/commit/48fde5ffa4d76014bad260a3cbab7ada3744a4cc", "name" : "https://github.com/Corveda/PHPSandbox/commit/48fde5ffa4d76014bad260a3cbab7ada3744a4cc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Corveda/PHPSandbox/commit/48fde5ffa4d76014bad260a3cbab7ada3744a4cc", "name" : "https://github.com/Corveda/PHPSandbox/commit/48fde5ffa4d76014bad260a3cbab7ada3744a4cc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Corveda/PHPSandbox/releases/tag/v1.3.5", "name" : "https://github.com/Corveda/PHPSandbox/releases/tag/v1.3.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/Corveda/PHPSandbox/releases/tag/v1.3.5", "name" : "https://github.com/Corveda/PHPSandbox/releases/tag/v1.3.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.248270", "name" : "https://vuldb.com/?ctiid.248270", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.248270", "name" : "https://vuldb.com/?ctiid.248270", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.248270", "name" : "https://vuldb.com/?id.248270", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.248270", "name" : "https://vuldb.com/?id.248270", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:corveda:phpsandbox:1.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-12-19T03:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125108", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e", "name" : "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e", "name" : "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.248849", "name" : "https://vuldb.com/?ctiid.248849", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.248849", "name" : "https://vuldb.com/?ctiid.248849", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248849", "name" : "https://vuldb.com/?id.248849", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248849", "name" : "https://vuldb.com/?id.248849", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:w3:spell_checker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014-01-31", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-12-23T17:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125109", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8", "name" : "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8", "name" : "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.248956", "name" : "https://vuldb.com/?ctiid.248956", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.248956", "name" : "https://vuldb.com/?ctiid.248956", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248956", "name" : "https://vuldb.com/?id.248956", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248956", "name" : "https://vuldb.com/?id.248956", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.28", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-12-26T15:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125110", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb", "name" : "https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb", "name" : "https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4", "name" : "https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4", "name" : "https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.258781", "name" : "VDB-258781 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.258781", "name" : "VDB-258781 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.258781", "name" : "VDB-258781 | wp-file-upload Plugin wfu_ajaxactions.php wfu_ajax_action_callback cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.258781", "name" : "VDB-258781 | wp-file-upload Plugin wfu_ajaxactions.php wfu_ajax_action_callback cross site scripting", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. The identifier of the patch is c846327df030a0a97da036a2f07c769ab9284ddb. It is recommended to upgrade the affected component. The identifier VDB-258781 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-01T00:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-125111", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3", "name" : "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3", "name" : "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.259628", "name" : "VDB-259628 | CTI Indicators (IOB, IOC, TTP)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.259628", "name" : "VDB-259628 | CTI Indicators (IOB, IOC, TTP)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.259628", "name" : "VDB-259628 | namithjawahar Wp-Insert cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.259628", "name" : "VDB-259628 | namithjawahar Wp-Insert cross site scripting", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-08T13:15Z", "lastModifiedDate" : "2024-11-21T02:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1277", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-03-13T10:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1283", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1284", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2019. Reason: This candidate is a duplicate of CVE-2014-2019. Notes: All CVE users should reference CVE-2014-2019 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-03-13T10:55Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1288", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1306", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1328", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1332", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1374", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1398", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215", "name" : "drupal-entityapi-cve20141398-security-bypass(90215)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90215", "name" : "drupal-entityapi-cve20141398-security-bypass(90215)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.1:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.2:*:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1399", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216", "name" : "drupal-entityapi-cve20141399-security-bypass(90216)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90216", "name" : "drupal-entityapi-cve20141399-security-bypass(90216)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.1:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.2:*:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html", "name" : "FEDORA-2014-0508", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html", "name" : "FEDORA-2014-0509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/09/3", "name" : "[oss-security] 20140109 Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/64729", "name" : "64729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050802", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396", "name" : "drupal-entity-cve20141400-sec-bypass(90396)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90396", "name" : "drupal-entity-cve20141400-sec-bypass(90396)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2169595", "name" : "https://www.drupal.org/node/2169595", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.1:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entity_api_project:entity_api:7.x-1.2:*:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1409", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-91" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Apr/21", "name" : "http://seclists.org/fulldisclosure/2014/Apr/21", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Apr/21", "name" : "http://seclists.org/fulldisclosure/2014/Apr/21", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1409", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1409", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1409", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1409", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mobileiron:virtual_smartphone_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T16:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1420", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "name" : "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "name" : "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1348241", "name" : "https://launchpad.net/bugs/1348241", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1348241", "name" : "https://launchpad.net/bugs/1348241", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:ubuntu-ui-toolkit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.1188\\+14.10.20140813.4-0ubuntu1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-09-11T00:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1422", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82", "name" : "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82", "name" : "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1387734", "name" : "https://launchpad.net/bugs/1387734", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1387734", "name" : "https://launchpad.net/bugs/1387734", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:trust-store_\\(ubuntu\\):*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:trust-store_\\(ubuntu_rtm\\):*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.3, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-07-22T18:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1423", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644", "name" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644", "name" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645", "name" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645", "name" : "http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380", "name" : "https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380", "name" : "https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:signond_project:signond:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.57\\+15.04.20141127.1-0ubuntu1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ubports:ubuntu_touch:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-05-07T23:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1426", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1427", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1428", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1429", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1430", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1431", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1432", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1433", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1434", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1435", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1436", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1437", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1447. Reason: This candidate is a reservation duplicate of CVE-2014-1447. Only one candidate was needed for the disclosure in question. Notes: All CVE users should reference CVE-2014-1447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-01-15T16:13Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1454", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/531750", "name" : "https://www.securityfocus.com/archive/1/531750", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/531750", "name" : "https://www.securityfocus.com/archive/1/531750", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pearson:esis_enterprise_student_information_system:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-08T14:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1457", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwebanalytics.com/?p=384", "name" : "http://www.openwebanalytics.com/?p=384", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwebanalytics.com/?p=384", "name" : "http://www.openwebanalytics.com/?p=384", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65573", "name" : "65573", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65573", "name" : "65573", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125", "name" : "owa-cve20141457-csrf(91125)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125", "name" : "owa-cve20141457-csrf(91125)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.secureworks.com/research/swrx-2014-006", "name" : "https://www.secureworks.com/research/swrx-2014-006", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.secureworks.com/research/swrx-2014-006", "name" : "https://www.secureworks.com/research/swrx-2014-006", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candidate is a reservation duplicate of CVE-2014-2388. Notes: All CVE users should reference CVE-2014-2388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-08-18T11:15Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1521", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1579", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1596", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1598", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml", "name" : "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml", "name" : "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "centurystar 7.12 ActiveX Control has a Stack Buffer Overflow" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:centurystar_project:centurystar:7.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T14:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1617", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://fortiguardcenter.com/encyclopedia/ips/38068", "name" : "http://fortiguardcenter.com/encyclopedia/ips/38068", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://fortiguardcenter.com/encyclopedia/ips/38068", "name" : "http://fortiguardcenter.com/encyclopedia/ips/38068", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1617", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1617", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1617", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1617", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:promotic:promotic:8.2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-13T22:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1631", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-275" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666", "name" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666", "name" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/530891/100/0/threaded", "name" : "20140127 Multiple Vulnerabilities in Eventum", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/530891/100/0/threaded", "name" : "20140127 Multiple Vulnerabilities in Eventum", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.launchpad.net/eventum/+bug/1271499", "name" : "https://bugs.launchpad.net/eventum/+bug/1271499", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/eventum/+bug/1271499", "name" : "https://bugs.launchpad.net/eventum/+bug/1271499", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23198", "name" : "https://www.htbridge.com/advisory/HTB23198", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23198", "name" : "https://www.htbridge.com/advisory/HTB23198", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-31T18:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1632", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-275" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", "name" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", "name" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/530891/100/0/threaded", "name" : "20140127 Multiple Vulnerabilities in Eventum", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/530891/100/0/threaded", "name" : "20140127 Multiple Vulnerabilities in Eventum", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.launchpad.net/eventum/+bug/1271499", "name" : "https://bugs.launchpad.net/eventum/+bug/1271499", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/eventum/+bug/1271499", "name" : "https://bugs.launchpad.net/eventum/+bug/1271499", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23198", "name" : "https://www.htbridge.com/advisory/HTB23198", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23198", "name" : "https://www.htbridge.com/advisory/HTB23198", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-31T18:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1634", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2014-1634/", "name" : "https://labs.integrity.pt/advisories/cve-2014-1634/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2014-1634/", "name" : "https://labs.integrity.pt/advisories/cve-2014-1634/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:magento:advanced_newsletter:*:*:*:*:*:magento:*:*", "versionEndExcluding" : "2.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1653", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1654", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1655", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1656", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1657", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1658", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1659", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1660", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1661", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1662", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1665", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html", "name" : "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html", "name" : "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65457", "name" : "65457", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65457", "name" : "65457", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012", "name" : "owncloud-indexphp-xss(91012)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012", "name" : "owncloud-indexphp-xss(91012)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/125086", "name" : "https://packetstormsecurity.com/files/125086", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/125086", "name" : "https://packetstormsecurity.com/files/125086", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/31427/", "name" : "31427", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/31427/", "name" : "31427", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1686", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Mar/102", "name" : "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Mar/102", "name" : "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/66141", "name" : "66141", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/66141", "name" : "66141", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847", "name" : "mediawiki-cve20141686-path-disclosure(91847)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847", "name" : "mediawiki-cve20141686-path-disclosure(91847)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/125682", "name" : "https://packetstormsecurity.com/files/125682", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/125682", "name" : "https://packetstormsecurity.com/files/125682", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-16T09:58Z", "lastModifiedDate" : "2024-11-21T02:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1768", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1787", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1793", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1798", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1801", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1810", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1821", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1822", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1825", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1834", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10", "name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10", "name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:echor_project:echor:0.1.6:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T21:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1835", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10", "name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10", "name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://xforce.iss.net/xforce/xfdb/90858", "name" : "echor-ruby-system-process-info-disc(90858)", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://xforce.iss.net/xforce/xfdb/90858", "name" : "echor-ruby-system-process-info-disc(90858)", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:echor_project:echor:0.1.6:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T21:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1845", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19", "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19", "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216", "name" : "enlightenment-helper-priv-esc(91216)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216", "name" : "enlightenment-helper-priv-esc(91216)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:enlightenment:enlightenment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.17.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1846", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19", "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19", "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215", "name" : "enlightenment-configuration-priv-esc(91215)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215", "name" : "enlightenment-configuration-priv-esc(91215)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:enlightenment:enlightenment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.17.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1850", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usag" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-06T20:15Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1858", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html", "name" : "FEDORA-2014-2289", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html", "name" : "FEDORA-2014-2289", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html", "name" : "FEDORA-2014-2387", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html", "name" : "FEDORA-2014-2387", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3", "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3", "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65441", "name" : "65441", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65441", "name" : "65441", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91318", "name" : "numpy-cve20141858-symlink(91318)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91318", "name" : "numpy-cve20141858-symlink(91318)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/pull/4262", "name" : "https://github.com/numpy/numpy/pull/4262", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/pull/4262", "name" : "https://github.com/numpy/numpy/pull/4262", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1859", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html", "name" : "FEDORA-2014-2289", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html", "name" : "FEDORA-2014-2289", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html", "name" : "FEDORA-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html", "name" : "FEDORA-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3", "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3", "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65440", "name" : "65440", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65440", "name" : "65440", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317", "name" : "numpy-cve20141859-symlink(91317)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317", "name" : "numpy-cve20141859-symlink(91317)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/pull/4262", "name" : "https://github.com/numpy/numpy/pull/4262", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/numpy/numpy/pull/4262", "name" : "https://github.com/numpy/numpy/pull/4262", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:numpy:numpy:1.8.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1860", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/14", "name" : "http://www.openwall.com/lists/oss-security/2014/02/03/14", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/14", "name" : "http://www.openwall.com/lists/oss-security/2014/02/03/14", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/7", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/7", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65293", "name" : "http://www.securityfocus.com/bid/65293", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65293", "name" : "http://www.securityfocus.com/bid/65293", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1860", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1860", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-1860", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-1860", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-database.net/?id=21609", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-database.net/?id=21609", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T16:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1867", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65212", "name" : "http://www.securityfocus.com/bid/65212", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65212", "name" : "http://www.securityfocus.com/bid/65212", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91315", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91315", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91315", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91315", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1867", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1867", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1867", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1867", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suphp:suphp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T14:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1889", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/531050/100/0/threaded", "name" : "20140213 Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531050/100/0/threaded", "name" : "20140213 Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65554", "name" : "65554", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65554", "name" : "65554", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://buddypress.org/2014/02/buddypress-1-9-2/", "name" : "https://buddypress.org/2014/02/buddypress-1-9-2/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://buddypress.org/2014/02/buddypress-1-9-2/", "name" : "https://buddypress.org/2014/02/buddypress-1-9-2/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91261", "name" : "buddypress-cve20141889-sec-bypass(91261)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91261", "name" : "buddypress-cve20141889-sec-bypass(91261)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1922", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.08.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.00", "versionEndExcluding" : "3.10.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.12.00", "versionEndExcluding" : "3.12.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1923", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.08.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.00", "versionEndExcluding" : "3.10.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.12.00", "versionEndExcluding" : "3.12.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1924", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.08.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.00", "versionEndExcluding" : "3.10.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.12.00", "versionEndExcluding" : "3.12.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1925", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://koha-community.org/security-release-february-2014/", "name" : "http://koha-community.org/security-release-february-2014/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "name" : "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "name" : "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.08.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.00", "versionEndExcluding" : "3.10.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.12.00", "versionEndExcluding" : "3.12.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1926", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1935", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1935", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1935", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1935", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1935", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:9base_project:9base:1\\:6-6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:9base_project:9base:1\\:6-7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1936", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1936", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1936", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1936", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1936", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rc before 1.7.1-5 insecurely creates temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rc_project:rc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.1-5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1937", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737324", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737324", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737324", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737324", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1937", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1937", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1937", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1937", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gamera before 3.4.1 insecurely creates temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamera_project:gamera:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1938", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "name" : "http://www.openwall.com/lists/oss-security/2014/02/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1938", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1938", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-1938", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-1938", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "python-rply before 0.7.4 insecurely creates temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rply_project:rply:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.7.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1946", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/531351/100/0/threaded", "name" : "20140305 Multiple Vulnerabilities in OpenDocMan", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531351/100/0/threaded", "name" : "20140305 Multiple Vulnerabilities in OpenDocMan", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91577", "name" : "opendocman-cve20141946-sec-bypass(91577)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91577", "name" : "opendocman-cve20141946-sec-bypass(91577)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23202", "name" : "https://www.htbridge.com/advisory/HTB23202", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23202", "name" : "https://www.htbridge.com/advisory/HTB23202", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendocman:opendocman:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1947", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html", "name" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html", "name" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.5.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-17T21:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1958", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://trac.imagemagick.org/changeset/14801", "name" : "http://trac.imagemagick.org/changeset/14801", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://trac.imagemagick.org/changeset/14801", "name" : "http://trac.imagemagick.org/changeset/14801", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://ubuntu.com/usn/usn-2132-1", "name" : "http://ubuntu.com/usn/usn-2132-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2132-1", "name" : "http://ubuntu.com/usn/usn-2132-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "https://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "https://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.8.8-5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-1981", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2017", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-93" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.oxid-esales.com/view.php?id=5635", "name" : "https://bugs.oxid-esales.com/view.php?id=5635", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.oxid-esales.com/view.php?id=5635", "name" : "https://bugs.oxid-esales.com/view.php?id=5635", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2014-002.html", "name" : "https://oxidforge.org/en/security-bulletin-2014-002.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2014-002.html", "name" : "https://oxidforge.org/en/security-bulletin-2014-002.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.8.0", "versionEndExcluding" : "4.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "4.7.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndExcluding" : "5.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "5.0.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.8.0", "versionEndExcluding" : "4.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxidforge:eshop:*:*:*:*:community:*:*:*", "versionEndExcluding" : "4.7.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2025", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-2025.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-2025.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-2025.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-2025.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99568", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99568", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99568", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99568", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31", "name" : "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31", "name" : "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T23:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2030", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "name" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2132-1", "name" : "http://ubuntu.com/usn/usn-2132-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2132-1", "name" : "http://ubuntu.com/usn/usn-2132-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "name" : "http://www.openwall.com/lists/oss-security/2014/02/12/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "name" : "http://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", "name" : "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", "name" : "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:6.8.8-5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2031", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://samiam.org/blog/2014-02-12.html", "name" : "http://samiam.org/blog/2014-02-12.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://samiam.org/blog/2014-02-12.html", "name" : "http://samiam.org/blog/2014-02-12.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/15", "name" : "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/15", "name" : "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securitytracker.com/id/1029771", "name" : "1029771", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1029771", "name" : "1029771", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91203", "name" : "maradns-cve20142031-dos(91203)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91203", "name" : "maradns-cve20142031-dos(91203)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maradns_project:maradns:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maradns_project:maradns:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.05", "versionEndExcluding" : "2.0.09", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deadwood_project:deadwood:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.01", "versionEndExcluding" : "3.2.05", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deadwood_project:deadwood:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2032", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" }, { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://samiam.org/blog/2014-02-12.html", "name" : "http://samiam.org/blog/2014-02-12.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://samiam.org/blog/2014-02-12.html", "name" : "http://samiam.org/blog/2014-02-12.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/15", "name" : "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/15", "name" : "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/65595", "name" : "65595", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65595", "name" : "65595", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1029771", "name" : "1029771", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1029771", "name" : "1029771", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91204", "name" : "maradns-cve20142032-dos(91204)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91204", "name" : "maradns-cve20142032-dos(91204)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maradns_project:maradns:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maradns_project:maradns:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.05", "versionEndExcluding" : "2.0.09", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deadwood_project:deadwood:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.01", "versionEndExcluding" : "3.2.05", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deadwood_project:deadwood:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2048", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973", "name" : "owncloud-cve20142048-sec-bypass(91973)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973", "name" : "owncloud-cve20142048-sec-bypass(91973)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://owncloud.org/security/advisories/insecure-openid-implementation/", "name" : "https://owncloud.org/security/advisories/insecure-openid-implementation/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisories/insecure-openid-implementation/", "name" : "https://owncloud.org/security/advisories/insecure-openid-implementation/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2050", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://owncloud.org/security/advisories/host-header-poisoning/", "name" : "https://owncloud.org/security/advisories/host-header-poisoning/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://owncloud.org/security/advisories/host-header-poisoning/", "name" : "https://owncloud.org/security/advisories/host-header-poisoning/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://www.securityfocus.com/bid/66221", "name" : "https://www.securityfocus.com/bid/66221", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/66221", "name" : "https://www.securityfocus.com/bid/66221", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndExcluding" : "6.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-23T20:15Z", "lastModifiedDate" : "2025-03-31T11:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2052", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", "name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", "name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/", "name" : "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/", "name" : "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/66222", "name" : "https://www.securityfocus.com/bid/66222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/66222", "name" : "https://www.securityfocus.com/bid/66222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndExcluding" : "6.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-11T16:15Z", "lastModifiedDate" : "2025-03-31T11:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Feb/219", "name" : "20140222 [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Feb/219", "name" : "20140222 [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65740", "name" : "65740", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65740", "name" : "65740", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91463", "name" : "eshtery-filemanager-file-disclosure(91463)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91463", "name" : "eshtery-filemanager-file-disclosure(91463)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eshtery.she7ata:eshtery_cms:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-16T09:58Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", "name" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", "name" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3", "versionEndExcluding" : "6.3.0.61712", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2", "versionEndExcluding" : "6.2.5.61640", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1", "versionEndIncluding" : "6.1.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1", "versionEndIncluding" : "6.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65675", "name" : "http://www.securityfocus.com/bid/65675", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65675", "name" : "http://www.securityfocus.com/bid/65675", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-database.net/?id=60103", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-database.net/?id=60103", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:3ds:catia:v5-6r2013:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T16:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to \"CATV5_Backbone_Bus.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:3ds:catia:v5-6r2013:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2078", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/531502/100/0/threaded", "name" : "20140317 Open-Xchange Security Advisory 2014-03-17", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531502/100/0/threaded", "name" : "20140317 Open-Xchange Security Advisory 2014-03-17", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017", "name" : "appsuite-cve20142078-info-disc(92017)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017", "name" : "appsuite-cve20142078-info-disc(92017)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/02/24/5", "name" : "[oss-security] 20140224 Re: xfe: directory masks ignored when creating new files on Samba and NFS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/02/24/5", "name" : "[oss-security] 20140224 Re: xfe: directory masks ignored when creating new files on Samba and NFS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65748", "name" : "65748", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65748", "name" : "65748", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069066", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069066", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069066", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069066", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91519", "name" : "xfile-explorer-cve20142079-sec-bypass(91519)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91519", "name" : "xfile-explorer-cve20142079-sec-bypass(91519)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x_file_explorer_project:x_file_explorer:1.32.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-16T14:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2085", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-2084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-05-17T19:55Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2149", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2150", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2188", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candidate is a duplicate of CVE-2015-0607. The wrong ID was used. Notes: All CVE users should reference CVE-2015-0607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-27T02:59Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2189", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2213", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q1/444", "name" : "http://seclists.org/oss-sec/2014/q1/444", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q1/444", "name" : "http://seclists.org/oss-sec/2014/q1/444", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/65843", "name" : "http://www.securityfocus.com/bid/65843", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65843", "name" : "http://www.securityfocus.com/bid/65843", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "name" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "name" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2214", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q1/444", "name" : "http://seclists.org/oss-sec/2014/q1/444", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q1/444", "name" : "http://seclists.org/oss-sec/2014/q1/444", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "name" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "name" : "https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2215", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2225", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Jul/126", "name" : "http://seclists.org/fulldisclosure/2014/Jul/126", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/126", "name" : "http://seclists.org/fulldisclosure/2014/Jul/126", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html", "name" : "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html", "name" : "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ui:airvision_controller:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ui:mfi_controller:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-08T16:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2228", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-776" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370", "name" : "https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370", "name" : "https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:m1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:talend:restlet:2.2:snapshot:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T14:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2271", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/71381", "name" : "http://www.securityfocus.com/bid/71381", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/71381", "name" : "http://www.securityfocus.com/bid/71381", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", "name" : "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", "name" : "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", "name" : "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", "name" : "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wps:wps_office:5.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:p2-6011_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "v100r001c00b043", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:p2-6011:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T17:15Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2274", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", "name" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", "name" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", "name" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", "name" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:subscribe_to_comments_reloaded_project:subscribe_to_comments_reloaded:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "140204", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2293", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://karmainsecurity.com/KIS-2014-02", "name" : "http://karmainsecurity.com/KIS-2014-02", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2014-02", "name" : "http://karmainsecurity.com/KIS-2014-02", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786", "name" : "zikula-cve20142293-code-exec(91786)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91786", "name" : "zikula-cve20142293-code-exec(91786)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787", "name" : "zikula-securityutil-code-exec(91787)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91787", "name" : "zikula-securityutil-code-exec(91787)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/", "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/", "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2294", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://karmainsecurity.com/KIS-2014-03", "name" : "http://karmainsecurity.com/KIS-2014-03", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2014-03", "name" : "http://karmainsecurity.com/KIS-2014-03", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwebanalytics.com/?p=388", "name" : "http://www.openwebanalytics.com/?p=388", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.openwebanalytics.com/?p=388", "name" : "http://www.openwebanalytics.com/?p=388", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/advisories/56999", "name" : "https://secuniaresearch.flexerasoftware.com/advisories/56999", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/advisories/56999", "name" : "https://secuniaresearch.flexerasoftware.com/advisories/56999", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/", "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/", "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/66076", "name" : "66076", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/66076", "name" : "66076", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-17T19:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2296", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html", "name" : "[cas-dev] 20140401 CAS 3.5.2.1 and 3.4.12.1 Security Releases", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html", "name" : "[cas-dev] 20140401 CAS 3.5.2.1 and 3.4.12.1 Security Releases", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512", "name" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512", "name" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.5", "versionEndExcluding" : "3.5.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.12.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-20T17:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2297", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/531773/100/0/threaded", "name" : "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/531773/100/0/threaded", "name" : "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.29.6:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2302", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/147", "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/147", "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/532230/100/0/threaded", "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/532230/100/0/threaded", "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67692", "name" : "67692", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67692", "name" : "67692", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", "name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", "name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webedition:webedition_cms:6.2.7.0:s1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.2.7.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndExcluding" : "6.3.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webedition:webedition_cms:6.3.8:s1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-19T17:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2304", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf", "name" : "http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf", "name" : "http://dovernetworks.com/wp-content/uploads/2014/03/OpenFloodlight-03052014.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectfloodlight:open_sdn_controller:0.90:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-23T18:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2312", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/03/08/4", "name" : "[oss-security] 20140308 CVE Request: thermald", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/08/4", "name" : "[oss-security] 20140308 CVE Request: thermald", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/09/2", "name" : "[oss-security] 20140308 Re: CVE Request: thermald", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/09/2", "name" : "[oss-security] 20140308 Re: CVE Request: thermald", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intel:thermald:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2344", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2359", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94788", "name" : "oleumtech-cve20142359-info-disc(94788)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94788", "name" : "oleumtech-cve20142359-info-disc(94788)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ioactive.com/pdfs/IOActive_Advisory_OleumTech.pdf", "name" : "https://ioactive.com/pdfs/IOActive_Advisory_OleumTech.pdf", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://ioactive.com/pdfs/IOActive_Advisory_OleumTech.pdf", "name" : "https://ioactive.com/pdfs/IOActive_Advisory_OleumTech.pdf", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:oleumtech:ft1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:oleumtech:ft1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:oleumtech:ad1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:oleumtech:ad1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2387", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/03/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/03/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/13/5", "name" : "http://www.openwall.com/lists/oss-security/2014/03/13/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/14/2", "name" : "http://www.openwall.com/lists/oss-security/2014/03/14/2", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/14/2", "name" : "http://www.openwall.com/lists/oss-security/2014/03/14/2", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/66214", "name" : "http://www.securityfocus.com/bid/66214", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/66214", "name" : "http://www.securityfocus.com/bid/66214", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91992", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91992", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91992", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91992", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2387", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2387", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2387", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2387", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pen_project:pen:0.18.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T14:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2462", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2550", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92219", "name" : "disable-comments-wordpress-csrf(92219)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92219", "name" : "disable-comments-wordpress-csrf(92219)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", "name" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", "name" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/disable-comments/#developers", "name" : "https://wordpress.org/plugins/disable-comments/#developers", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/disable-comments/#developers", "name" : "https://wordpress.org/plugins/disable-comments/#developers", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:disable_comments:disable_comments_project:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2552", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92129", "name" : "bccollected-ezpublish-cve20142552sec-bypass(92129)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92129", "name" : "bccollected-ezpublish-cve20142552sec-bypass(92129)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f", "name" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f", "name" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853", "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853", "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brookinsconsulting:collected_information_export:1.1.0:*:*:*:*:ez_publish:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2560", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-916" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/bugtraq/2014/Mar/185", "name" : "https://seclists.org/bugtraq/2014/Mar/185", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2014/Mar/185", "name" : "https://seclists.org/bugtraq/2014/Mar/185", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a \"SIP Digest Leak\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phoner:phonerlite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T14:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2581", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/smb4k/files/1.1.1/", "name" : "http://sourceforge.net/projects/smb4k/files/1.1.1/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/smb4k/files/1.1.1/", "name" : "http://sourceforge.net/projects/smb4k/files/1.1.1/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/24/1", "name" : "http://www.openwall.com/lists/oss-security/2014/03/24/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/24/1", "name" : "http://www.openwall.com/lists/oss-security/2014/03/24/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/25/5", "name" : "http://www.openwall.com/lists/oss-security/2014/03/25/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/03/25/5", "name" : "http://www.openwall.com/lists/oss-security/2014/03/25/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/505376", "name" : "https://bugs.gentoo.org/505376", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/505376", "name" : "https://bugs.gentoo.org/505376", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the \"Additional options\" line edit." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smb4k_project:smb4k:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T15:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2592", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:web_management_portal:6.3.0.60730:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T20:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2595", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-613" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/5", "name" : "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/5", "name" : "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.osvdb.org/109782", "name" : "http://www.osvdb.org/109782", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.osvdb.org/109782", "name" : "http://www.osvdb.org/109782", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "name" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "name" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/39278", "name" : "https://www.exploit-db.com/exploits/39278", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39278", "name" : "https://www.exploit-db.com/exploits/39278", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.securityfocus.com/bid/69028", "name" : "https://www.securityfocus.com/bid/69028", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69028", "name" : "https://www.securityfocus.com/bid/69028", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T01:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2650", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "name" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "name" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_80_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_80_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_80_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_60_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_60_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_60_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_40_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_40_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_40_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_e_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20_e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_15_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_15_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_15_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_5_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_5:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_55g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T13:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2651", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "name" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "name" : "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_80_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_80_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_80_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_60_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_60_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_60_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_40_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_40_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_40_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_e_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20_e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_20_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_20_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_15_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openstage_15_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openstage_15_g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atos:openscape_desk_phone_ip_55g_firmware:v3:r3.11.0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T13:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2652", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://networks.unify.com/security/advisories/OBSO-1404-01.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1404-01.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1404-01.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1404-01.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openscape_deployment_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openscape_deployment_service:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2656", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the vulnerability report was not valid. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-06-01T15:59Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2674", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "name" : "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "name" : "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ajax-pagination_project:ajax-pagination:1.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2675", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/", "name" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/", "name" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-html-sitemap_project:wp-html-sitemap:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2680", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", "name" : "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", "name" : "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmind:xmind:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-21T19:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2686", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-670" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", "name" : "https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", "name" : "https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ansible prior to 1.5.4 mishandles the evaluation of some strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T13:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2721", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-19T16:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2722", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-19T16:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2723", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-14-010", "name" : "https://fortiguard.com/advisory/FG-IR-14-010", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-19T16:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2727", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.trustwave.com/software/mailmarshal_smtp/MailMarshalSEG-ReleaseNotes-7.2.0.6272.htm", "name" : "http://www.trustwave.com/software/mailmarshal_smtp/MailMarshalSEG-ReleaseNotes-7.2.0.6272.htm", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.trustwave.com/software/mailmarshal_smtp/MailMarshalSEG-ReleaseNotes-7.2.0.6272.htm", "name" : "http://www.trustwave.com/software/mailmarshal_smtp/MailMarshalSEG-ReleaseNotes-7.2.0.6272.htm", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trustwave:mailmarshal:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T14:15Z", "lastModifiedDate" : "2024-11-21T02:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2750", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745. Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-04-10T20:55Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2762", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2793", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2805", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2812", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2843", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "name" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "name" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "name" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "name" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-2843.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-2843.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-2843.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-2843.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infoware:mapsuite:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "1.0.36", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infoware:mapsuite:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.1.0", "versionEndExcluding" : "1.1.49", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-31T18:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2875", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-307" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Apr/318", "name" : "http://seclists.org/fulldisclosure/2014/Apr/318", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/531981/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "name" : "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:5.2:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keplerproject:cgilua:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-06T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2884", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7", "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7", "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truecrypt_project:truecrypt:7.1:a:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2885", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-190" }, { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7", "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7", "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truecrypt_project:truecrypt:7.1:a:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2887", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2895", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2896", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5.0", "versionEndExcluding" : "2.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2897", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5.0", "versionEndExcluding" : "2.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2898", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/126", "name" : "http://seclists.org/oss-sec/2014/q2/126", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/130", "name" : "http://seclists.org/oss-sec/2014/q2/130", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "name" : "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "name" : "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2901", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2901", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2901", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2901", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2901", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wolfssl before 3.2.0 does not properly issue certificates for a server's hostname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2902", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2902", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2902", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2902", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2902", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2904", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "name" : "http://www.openwall.com/lists/oss-security/2014/04/18/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2904", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2904", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-2904", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-2904", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2906", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1437", "name" : "https://github.com/fish-shell/fish-shell/issues/1437", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1437", "name" : "https://github.com/fish-shell/fish-shell/issues/1437", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "name" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "name" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.16.0", "versionEndExcluding" : "2.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2914", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "http://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1438", "name" : "https://github.com/fish-shell/fish-shell/issues/1438", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1438", "name" : "https://github.com/fish-shell/fish-shell/issues/1438", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2937", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-11-06T00:55Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2943", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-08-15T11:15Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2944", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2945", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2970", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality for certain process-bifurcation use cases that might arise in future LibreSSL-based applications. There is no CVE ID associated with this LibreSSL code change. As of 20140730, CVE-2014-5139 is an undisclosed vulnerability in a different product, with ongoing vulnerability coordination that had previously used the CVE-2014-2970 ID" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-07-31T05:06Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2973", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-12-15T18:59Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-2984", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-04-25T05:12Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3003", "ASSIGNER" : "productcert@siemens.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3005", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html", "name" : "FEDORA-2014-7594", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html", "name" : "FEDORA-2014-7594", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html", "name" : "FEDORA-2014-7603", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html", "name" : "FEDORA-2014-7603", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/87", "name" : "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/87", "name" : "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68075", "name" : "68075", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68075", "name" : "68075", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://support.zabbix.com/browse/ZBX-8151", "name" : "https://support.zabbix.com/browse/ZBX-8151", "refsource" : "", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://support.zabbix.com/browse/ZBX-8151", "name" : "https://support.zabbix.com/browse/ZBX-8151", "refsource" : "", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273", "name" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273", "name" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zabbix:zabbix:1.8.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3114", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/05/01/11", "name" : "[oss-security] 20140501 CVE-2014-3114 WordPress plugin ezpz-one-click-backup cmd parameter os command injection", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/01/11", "name" : "[oss-security] 20140501 CVE-2014-3114 WordPress plugin ezpz-one-click-backup cmd parameter os command injection", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezpz-one-click-backup_project:ezpz-one-click-backup:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "12.03.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3119", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/web2project/web2project/commit/ab5ba92a6aaf0435cd0b2132cf7f9b7b41575a28", "name" : "https://github.com/web2project/web2project/commit/ab5ba92a6aaf0435cd0b2132cf7f9b7b41575a28", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/web2project/web2project/commit/ab5ba92a6aaf0435cd0b2132cf7f9b7b41575a28", "name" : "https://github.com/web2project/web2project/commit/ab5ba92a6aaf0435cd0b2132cf7f9b7b41575a28", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/web2project/web2project/commit/eead99b36f62a8222d9f3a913f1a2268200687ef", "name" : "https://github.com/web2project/web2project/commit/eead99b36f62a8222d9f3a913f1a2268200687ef", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/web2project/web2project/commit/eead99b36f62a8222d9f3a913f1a2268200687ef", "name" : "https://github.com/web2project/web2project/commit/eead99b36f62a8222d9f3a913f1a2268200687ef", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23213", "name" : "https://www.htbridge.com/advisory/HTB23213", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23213", "name" : "https://www.htbridge.com/advisory/HTB23213", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:web2project:web2project:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T21:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3136", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95022", "name" : "95022", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95022", "name" : "95022", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-3136", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-3136", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2014-3136", "name" : "https://packetstormsecurity.com/files/cve/CVE-2014-3136", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68967", "name" : "68967", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68967", "name" : "68967", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dwr-113_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.03b02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dwr-113:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T21:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3140", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3180", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=408827", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=408827", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=408827", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=408827", "refsource" : "", "tags" : [ ] }, { "url" : "https://lkml.org/lkml/2014/9/7/29", "name" : "https://lkml.org/lkml/2014/9/7/29", "refsource" : "", "tags" : [ ] }, { "url" : "https://lkml.org/lkml/2014/9/7/29", "name" : "https://lkml.org/lkml/2014/9/7/29", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3205", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/33159/", "name" : "33159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/33159/", "name" : "33159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:seagate:blackarmor_nas_220:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:seagate:blackarmor_nas_110_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:seagate:blackarmor_nas_110:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-23T17:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3206", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/33159/", "name" : "33159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/33159/", "name" : "33159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:seagate:blackarmor_nas_220:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:seagate:blackarmor_nas_110_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:seagate:blackarmor_nas_110:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-23T17:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3208", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/05/05/3", "name" : "http://www.openwall.com/lists/oss-security/2014/05/05/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/05/3", "name" : "http://www.openwall.com/lists/oss-security/2014/05/05/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/67219", "name" : "https://www.securityfocus.com/bid/67219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/67219", "name" : "https://www.securityfocus.com/bid/67219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery)," } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:askpop3d_project:askpop3d:0.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-13T20:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3211", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211", "name" : "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211", "name" : "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Publify before 8.0.1 is vulnerable to a Denial of Service attack" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:publify:publify:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T14:15Z", "lastModifiedDate" : "2025-04-11T19:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3219", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html", "name" : "FEDORA-2014-5783", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html", "name" : "FEDORA-2014-5783", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html", "name" : "openSUSE-SU-2019:2177", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html", "name" : "openSUSE-SU-2019:2177", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html", "name" : "openSUSE-SU-2019:2188", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html", "name" : "openSUSE-SU-2019:2188", "refsource" : "", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-201412-49.xml", "name" : "GLSA-201412-49", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-201412-49.xml", "name" : "GLSA-201412-49", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/3", "name" : "[oss-security] 20140506 Re: Upcoming security release of fish 2.1.1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/3", "name" : "[oss-security] 20140506 Re: Upcoming security release of fish 2.1.1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/28/8", "name" : "[oss-security] 20140928 Security release of fish shell 2.1.1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/28/8", "name" : "[oss-security] 20140928 Security release of fish shell 2.1.1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67115", "name" : "67115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67115", "name" : "67115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", "name" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", "name" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1440", "name" : "https://github.com/fish-shell/fish-shell/issues/1440", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1440", "name" : "https://github.com/fish-shell/fish-shell/issues/1440", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.1, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T22:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3230", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/05/02/8", "name" : "http://www.openwall.com/lists/oss-security/2014/05/02/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/02/8", "name" : "http://www.openwall.com/lists/oss-security/2014/05/02/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/04/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/04/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/04/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/04/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/8", "name" : "http://www.openwall.com/lists/oss-security/2014/05/06/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/8", "name" : "http://www.openwall.com/lists/oss-security/2014/05/06/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/libwww-perl/lwp-protocol-https/pull/14", "name" : "https://github.com/libwww-perl/lwp-protocol-https/pull/14", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/libwww-perl/lwp-protocol-https/pull/14", "name" : "https://github.com/libwww-perl/lwp-protocol-https/pull/14", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lwp\\:\\:protocol\\:\\:https_project:lwp\\:\\:protocol\\:\\:https:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.04", "versionEndIncluding" : "6.06", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3244", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Jun/92", "name" : "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/92", "name" : "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68102", "name" : "68102", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68102", "name" : "68102", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", "name" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", "name" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.5.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-32537", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3334", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3371", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3413", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627", "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627", "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2014-01", "name" : "https://www.tenable.com/security/research/tra-2014-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2014-01", "name" : "https://www.tenable.com/security/research/tra-2014-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:juniper:junos_space:13.3:r1.7:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T17:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3435", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3445", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", "name" : "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", "name" : "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/130", "name" : "http://seclists.org/fulldisclosure/2014/May/130", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/130", "name" : "http://seclists.org/fulldisclosure/2014/May/130", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", "name" : "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", "name" : "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67644", "name" : "http://www.securityfocus.com/bid/67644", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67644", "name" : "http://www.securityfocus.com/bid/67644", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:handsomeweb:sos_webpages:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T15:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/May/86", "name" : "http://seclists.org/fulldisclosure/2014/May/86", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/86", "name" : "http://seclists.org/fulldisclosure/2014/May/86", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bss_continuity_cms_project:bss_continuty_cms:4.2.22640.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/85", "name" : "http://seclists.org/fulldisclosure/2014/May/85", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/85", "name" : "http://seclists.org/fulldisclosure/2014/May/85", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bss_continuity_cms_project:bss_continuty_cms:4.2.22640.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3449", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/84", "name" : "http://seclists.org/fulldisclosure/2014/May/84", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/84", "name" : "http://seclists.org/fulldisclosure/2014/May/84", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bss_continuity_cms_project:bss_continuty_cms:4.2.22640.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3463", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a unique security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-05-30T11:16Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3471", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.gentoo.org/glsa/glsa-201412-01.xml", "name" : "GLSA-201412-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-201412-01.xml", "name" : "GLSA-201412-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/23/4", "name" : "[oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/23/4", "name" : "[oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68145", "name" : "68145", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68145", "name" : "68145", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112271", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112271", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112271", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112271", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html", "name" : "[qemu-devel] 20140623 PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html", "name" : "[qemu-devel] 20140623 PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:2.1.2:r1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3484", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a", "name" : "http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a", "name" : "http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/495", "name" : "http://seclists.org/oss-sec/2014/q2/495", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/495", "name" : "http://seclists.org/oss-sec/2014/q2/495", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.1.0", "versionEndExcluding" : "1.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.9.13", "versionEndIncluding" : "1.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T04:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3495", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3495", "name" : "https://access.redhat.com/security/cve/cve-2014-3495", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3495", "name" : "https://access.redhat.com/security/cve/cve-2014-3495", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3495", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3495", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3495", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3495", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "duplicity 0.6.24 has improper verification of SSL certificates" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:duplicity:0.6.24:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-13T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3516", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3519", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/06/24/16", "name" : "[oss-security] 20140624 OpenVZ simfs container filesystem breakout", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/24/16", "name" : "[oss-security] 20140624 OpenVZ simfs container filesystem breakout", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68171", "name" : "68171", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68171", "name" : "68171", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", "name" : "https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://openvz.org/Download/kernel/rhel6/042stab090.5", "name" : "https://openvz.org/Download/kernel/rhel6/042stab090.5", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://openvz.org/Download/kernel/rhel6/042stab090.5", "name" : "https://openvz.org/Download/kernel/rhel6/042stab090.5", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openvz:vzkernel:2.6.32:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.0, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3536", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3536", "name" : "https://access.redhat.com/security/cve/cve-2014-3536", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3536", "name" : "https://access.redhat.com/security/cve/cve-2014-3536", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3536", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3536", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3536", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3536", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3539", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/02/07/1", "name" : "[oss-security] 20150206 python-rope: pickle.load of remotely supplied data with no authentication required", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/07/1", "name" : "[oss-security] 20150206 python-rope: pickle.load of remotely supplied data with no authentication required", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rope_project:rope:*:*:*:*:*:python:*:*", "versionEndExcluding" : "0.11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3540", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-07-08T04:11Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3557", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-20T19:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3585", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-347" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3585", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3585", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585", "name" : "Red Hat", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585", "name" : "Red Hat", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "redhat-upgrade-tool: Does not check GPG signatures when upgrading versions" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:redhat-upgrade-tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T15:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3588", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3590", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3590", "name" : "https://access.redhat.com/security/cve/cve-2014-3590", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3590", "name" : "https://access.redhat.com/security/cve/cve-2014-3590", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3590", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3590", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3590", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3590", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3591", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cs.tau.ac.il/~tromer/radioexp/", "name" : "http://www.cs.tau.ac.il/~tromer/radioexp/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.cs.tau.ac.il/~tromer/radioexp/", "name" : "http://www.cs.tau.ac.il/~tromer/radioexp/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3185", "name" : "http://www.debian.org/security/2015/dsa-3185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3185", "name" : "http://www.debian.org/security/2015/dsa-3185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.5, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-29T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3592", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3592", "name" : "https://access.redhat.com/security/cve/cve-2014-3592", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3592", "name" : "https://access.redhat.com/security/cve/cve-2014-3592", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenShift Origin: Improperly validated team names could allow stored XSS attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-08-13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-13T16:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3599", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3599", "name" : "https://access.redhat.com/security/cve/cve-2014-3599", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3599", "name" : "https://access.redhat.com/security/cve/cve-2014-3599", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:hornetq:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-12T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3603", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-297" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/60816", "name" : "60816", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "http://secunia.com/advisories/60816", "name" : "60816", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "http://shibboleth.net/community/advisories/secadv_20140813.txt", "name" : "http://shibboleth.net/community/advisories/secadv_20140813.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://shibboleth.net/community/advisories/secadv_20140813.txt", "name" : "http://shibboleth.net/community/advisories/secadv_20140813.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131823", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131823", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131823", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131823", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shibboleth:identity_provider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shibboleth:opensaml_java:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-04T14:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3605", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-11-25T20:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3606", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-23T17:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3607", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", "name" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", "name" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/226", "name" : "https://code.google.com/archive/p/vt-middleware/issues/226", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/226", "name" : "https://code.google.com/archive/p/vt-middleware/issues/226", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/227", "name" : "https://code.google.com/archive/p/vt-middleware/issues/227", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/227", "name" : "https://code.google.com/archive/p/vt-middleware/issues/227", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/228", "name" : "https://code.google.com/archive/p/vt-middleware/issues/228", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/vt-middleware/issues/228", "name" : "https://code.google.com/archive/p/vt-middleware/issues/228", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ldaptive:ldaptive:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ldaptive:vt-ldap:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3622", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://php.net/ChangeLog-5.php", "name" : "http://php.net/ChangeLog-5.php", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://php.net/ChangeLog-5.php", "name" : "http://php.net/ChangeLog-5.php", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=68088", "name" : "https://bugs.php.net/bug.php?id=68088", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=68088", "name" : "https://bugs.php.net/bug.php?id=68088", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151423", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151423", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151423", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151423", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndExcluding" : "5.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T13:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3626", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://pivotal.io/security/cve-2014-3626", "name" : "https://pivotal.io/security/cve-2014-3626", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://pivotal.io/security/cve-2014-3626", "name" : "https://pivotal.io/security/cve-2014-3626", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:grails:resources:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.2.0", "versionEndIncluding" : "1.2.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T13:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3643", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3643", "name" : "Red Hat", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3643", "name" : "Red Hat", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2022.html", "name" : "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2022.html", "name" : "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "jersey: XXE via parameter entities not disabled by the jersey SAX parser" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jersey_project:jersey:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3644", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3648", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://issues.redhat.com/browse/AEROGEAR-6091", "name" : "https://issues.redhat.com/browse/AEROGEAR-6091", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://issues.redhat.com/browse/AEROGEAR-6091", "name" : "https://issues.redhat.com/browse/AEROGEAR-6091", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_aerogear:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-01T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3649", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3649", "name" : "https://access.redhat.com/security/cve/cve-2014-3649", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3649", "name" : "https://access.redhat.com/security/cve/cve-2014-3649", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JBoss AeroGear has reflected XSS via the password field" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_aerogear:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-09-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-04T15:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3650", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144212", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144212", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144212", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://issues.redhat.com/browse/AEROGEAR-5978", "name" : "https://issues.redhat.com/browse/AEROGEAR-5978", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://issues.redhat.com/browse/AEROGEAR-5978", "name" : "https://issues.redhat.com/browse/AEROGEAR-5978", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_aerogear:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-07-01T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3652", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3652", "name" : "https://access.redhat.com/security/cve/cve-2014-3652", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3652", "name" : "https://access.redhat.com/security/cve/cve-2014-3652", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:keycloak:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3655", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3655", "name" : "https://access.redhat.com/security/cve/cve-2014-3655", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3655", "name" : "https://access.redhat.com/security/cve/cve-2014-3655", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138", "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138", "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JBoss KeyCloak is vulnerable to soft token deletion via CSRF" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-13T16:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3656", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3656", "name" : "https://access.redhat.com/security/cve/cve-2014-3656", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3656", "name" : "https://access.redhat.com/security/cve/cve-2014-3656", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JBoss KeyCloak: XSS in login-status-iframe.html" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_keycloak:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-10T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3658", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3659", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-25T10:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3671", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-10-13T18:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3685", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-19T10:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3699", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3699", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3699", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3699", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3699", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3699", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3699", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3699", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3699", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3699", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3699", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eDeploy has RCE via cPickle deserialization of untrusted data" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:edeploy:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3700", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3700", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3700", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3700", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3700", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3700", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3700", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3700", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:edeploy:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3701", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-3701", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-3701", "name" : "Red Hat", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3701", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3701", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3701", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3701", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3701", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3701", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3701", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3701", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eDeploy has tmp file race condition flaws" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:edeploy:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3705", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3718", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/67", "name" : "http://seclists.org/fulldisclosure/2014/May/67", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/67", "name" : "http://seclists.org/fulldisclosure/2014/May/67", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:exlibrisgroup:aleph_500:20.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:exlibrisgroup:aleph_500:18.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-30T20:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3719", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/65", "name" : "http://seclists.org/fulldisclosure/2014/May/65", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/May/65", "name" : "http://seclists.org/fulldisclosure/2014/May/65", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:exlibrisgroup:aleph_500:20.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:exlibrisgroup:aleph_500:18.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-30T20:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3743", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/05/13/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/13/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/13/1", "name" : "http://www.openwall.com/lists/oss-security/2014/05/13/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/2", "name" : "http://www.openwall.com/lists/oss-security/2014/05/15/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/2", "name" : "http://www.openwall.com/lists/oss-security/2014/05/15/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "name" : "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "name" : "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "0.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3752", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/125", "name" : "20140625 CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/125", "name" : "20140625 CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/532559/100/0/threaded", "name" : "20140625 CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/532559/100/0/threaded", "name" : "20140625 CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gdata-software:totalprotection:*:*:*:*:*:*:*:*", "versionEndIncluding" : "24.0.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3753", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AgileBits 1Password through 1.0.9.340 allows security feature bypass" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:1password:1password:*:*:*:*:*:windows:*:*", "versionEndIncluding" : "1.0.9.340", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3794", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3795", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3798", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/58455", "name" : "58455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "http://secunia.com/advisories/58455", "name" : "58455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "http://support.citrix.com/article/CTX140814", "name" : "http://support.citrix.com/article/CTX140814", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://support.citrix.com/article/CTX140814", "name" : "http://support.citrix.com/article/CTX140814", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67693", "name" : "67693", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67693", "name" : "67693", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030304", "name" : "1030304", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030304", "name" : "1030304", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:citrix:xenserver:6.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-11T20:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3799", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue within the scope of CVE. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-08-18T11:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3809", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.securityfocus.com/archive/1/534124", "name" : "https://www.securityfocus.com/archive/1/534124", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/534124", "name" : "https://www.securityfocus.com/archive/1/534124", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nokia:1830_photonic_service_switch-4_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nokia:1830_photonic_service_switch-4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nokia:1830_photonic_service_switch-16_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nokia:1830_photonic_service_switch-16:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nokia:1830_photonic_service_switch-32_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nokia:1830_photonic_service_switch-32:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3826", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://adamziaja.com/poc/201312-xss-mybb.html", "name" : "http://adamziaja.com/poc/201312-xss-mybb.html", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://adamziaja.com/poc/201312-xss-mybb.html", "name" : "http://adamziaja.com/poc/201312-xss-mybb.html", "refsource" : "", "tags" : [ "Not Applicable" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3827", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", "name" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", "name" : "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://adamziaja.com/poc/201312-xss-mybb.html", "name" : "https://adamziaja.com/poc/201312-xss-mybb.html", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://adamziaja.com/poc/201312-xss-mybb.html", "name" : "https://adamziaja.com/poc/201312-xss-mybb.html", "refsource" : "", "tags" : [ "Not Applicable" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3831", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-05-22T19:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3856", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/fish-shell/fish-shell/issues/1437", "name" : "https://github.com/fish-shell/fish-shell/issues/1437", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/issues/1437", "name" : "https://github.com/fish-shell/fish-shell/issues/1437", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "name" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "name" : "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "https://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/04/28/4", "name" : "https://www.openwall.com/lists/oss-security/2014/04/28/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndExcluding" : "2.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T16:15Z", "lastModifiedDate" : "2024-11-21T02:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3860", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-426" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", "name" : "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", "name" : "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xilisoft:video_converter:7.8.1:build-20140505:*:*:ultimate:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T18:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3868", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127196/ZeusCart-4.x-Remote-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127196/ZeusCart-4.x-Remote-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127196/ZeusCart-4.x-Remote-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127196/ZeusCart-4.x-Remote-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/116", "name" : "http://seclists.org/fulldisclosure/2014/Jun/116", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/116", "name" : "http://seclists.org/fulldisclosure/2014/Jun/116", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68182", "name" : "http://www.securityfocus.com/bid/68182", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68182", "name" : "http://www.securityfocus.com/bid/68182", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ZeusCart/zeuscart/pull/23", "name" : "https://github.com/ZeusCart/zeuscart/pull/23", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ZeusCart/zeuscart/pull/23", "name" : "https://github.com/ZeusCart/zeuscart/pull/23", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in ZeusCart 4.x." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zeuscart:zeuscart:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3875", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/1", "name" : "http://seclists.org/fulldisclosure/2014/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jun/1", "name" : "http://seclists.org/fulldisclosure/2014/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/6", "name" : "http://www.openwall.com/lists/oss-security/2014/06/03/6", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/6", "name" : "http://www.openwall.com/lists/oss-security/2014/06/03/6", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67783", "name" : "http://www.securityfocus.com/bid/67783", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67783", "name" : "http://www.securityfocus.com/bid/67783", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3875", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3875", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-3875", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-3875", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ulli_horlacher:fex:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2014053", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3879", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc", "name" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc", "name" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openpam.org/browser/openpam/trunk/HISTORY", "name" : "http://www.openpam.org/browser/openpam/trunk/HISTORY", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.openpam.org/browser/openpam/trunk/HISTORY", "name" : "http://www.openpam.org/browser/openpam/trunk/HISTORY", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.securityfocus.com/bid/67808", "name" : "67808", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67808", "name" : "67808", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030330", "name" : "http://www.securitytracker.com/id/1030330", "refsource" : "", "tags" : [ "Patch", "VDB Entry", "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1030330", "name" : "http://www.securitytracker.com/id/1030330", "refsource" : "", "tags" : [ "Patch", "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T17:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3893", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-05T19:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3918", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3919", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://softage.be/netgear/", "name" : "http://softage.be/netgear/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://softage.be/netgear/", "name" : "http://softage.be/netgear/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netgear:cg3100_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.9.2421.13.mp3.v0027", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netgear:cg3100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.3, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 2.8, "impactScore" : 5.8 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-13T19:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3972", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/zeroday/FG-VD-14-004", "name" : "https://fortiguard.com/zeroday/FG-VD-14-004", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-14-004", "name" : "https://fortiguard.com/zeroday/FG-VD-14-004", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apexis:apm-j601-ws_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.35.2.49", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:apexis:apm-j601-ws:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-19T19:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3979", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/06/06/10", "name" : "http://www.openwall.com/lists/oss-security/2014/06/06/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/06/10", "name" : "http://www.openwall.com/lists/oss-security/2014/06/06/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/11/2", "name" : "http://www.openwall.com/lists/oss-security/2014/06/11/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/11/2", "name" : "http://www.openwall.com/lists/oss-security/2014/06/11/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67948", "name" : "http://www.securityfocus.com/bid/67948", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67948", "name" : "http://www.securityfocus.com/bid/67948", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bytemark:symbiosis:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3990", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" }, { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://karmainsecurity.com/KIS-2014-08", "name" : "http://karmainsecurity.com/KIS-2014-08", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2014-08", "name" : "http://karmainsecurity.com/KIS-2014-08", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html", "name" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html", "name" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/67", "name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/67", "name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/532763/100/0/threaded", "name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/532763/100/0/threaded", "name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68529", "name" : "68529", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68529", "name" : "68529", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f", "name" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f", "name" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.5.6.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-3999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/06/14/1", "name" : "[oss-security] 20140613 Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/14/1", "name" : "[oss-security] 20140613 Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/68014", "name" : "68014", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68014", "name" : "68014", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109628", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109628", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109628", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109628", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/horde/horde/commit/4c3e18f1724ab39bfef10c189a5b52036a744d55", "name" : "https://github.com/horde/horde/commit/4c3e18f1724ab39bfef10c189a5b52036a744d55", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/horde/horde/commit/4c3e18f1724ab39bfef10c189a5b52036a744d55", "name" : "https://github.com/horde/horde/commit/4c3e18f1724ab39bfef10c189a5b52036a744d55", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://marc.info/?l=horde-announce&m=140178644816474&w=2", "name" : "[horde-announce] 20140603 SECURITY: authentication bypass in Horde_Ldap", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://marc.info/?l=horde-announce&m=140178644816474&w=2", "name" : "[horde-announce] 20140603 SECURITY: authentication bypass in Horde_Ldap", "refsource" : "", "tags" : [ "Mailing List" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:horde_ldap:*:*:*:*:*:horde:*:*", "versionEndExcluding" : "2.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4019", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", "name" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", "name" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/33803", "name" : "http://www.exploit-db.com/exploits/33803", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/33803", "name" : "http://www.exploit-db.com/exploits/33803", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.osvdb.org/102668", "name" : "http://www.osvdb.org/102668", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.osvdb.org/102668", "name" : "http://www.osvdb.org/102668", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", "name" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", "name" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:zxv10_w300_firmware:w300v1.0.0a_zrd_lk:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T18:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4024", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95834", "name" : "f5-cve20144024-info-disc(95834)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95834", "name" : "f5-cve20144024-info-disc(95834)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.f5.com/csp/article/K15500", "name" : "https://support.f5.com/csp/article/K15500", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.f5.com/csp/article/K15500", "name" : "https://support.f5.com/csp/article/K15500", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.3.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.3.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.3.0", "versionEndIncluding" : "11.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.3.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.3.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4053", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4054", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4066", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037", "name" : "MS14-037", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037", "name" : "MS14-037", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4069", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4112", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012", "name" : "MS14-012", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012", "name" : "MS14-012", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0304." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4119", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4120", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4125", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4131", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4135", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4136", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4139", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4142", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4144", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4145", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051", "name" : "MS14-051", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051", "name" : "MS14-051", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4146", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4147", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4150", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/06/13/5", "name" : "[oss-security] 20140613 Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/13/5", "name" : "[oss-security] 20140613 Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297", "name" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297", "name" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/67654", "name" : "67654", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/67654", "name" : "67654", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:s48:scheme48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-20T17:29Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4156", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/06/17/16", "name" : "http://www.openwall.com/lists/oss-security/2014/06/17/16", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/17/16", "name" : "http://www.openwall.com/lists/oss-security/2014/06/17/16", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68028", "name" : "http://www.securityfocus.com/bid/68028", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68028", "name" : "http://www.securityfocus.com/bid/68028", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4170", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html", "name" : "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html", "name" : "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34245", "name" : "http://www.exploit-db.com/exploits/34245", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34245", "name" : "http://www.exploit-db.com/exploits/34245", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68980", "name" : "https://www.securityfocus.com/bid/68980", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68980", "name" : "https://www.securityfocus.com/bid/68980", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freereprintables:articlefr:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-13T19:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4172", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "name" : "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "name" : "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "name" : "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "name" : "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "name" : "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "name" : "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/phpCAS/pull/125", "name" : "https://github.com/Jasig/phpCAS/pull/125", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/Jasig/phpCAS/pull/125", "name" : "https://github.com/Jasig/phpCAS/pull/125", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://issues.jasig.org/browse/CASC-228", "name" : "https://issues.jasig.org/browse/CASC-228", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://issues.jasig.org/browse/CASC-228", "name" : "https://issues.jasig.org/browse/CASC-228", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2014/dsa-3017.en.html", "name" : "https://www.debian.org/security/2014/dsa-3017.en.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2014/dsa-3017.en.html", "name" : "https://www.debian.org/security/2014/dsa-3017.en.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html", "name" : "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html", "name" : "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:.net_cas_client:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:java_cas_client:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T19:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4196", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bssys:rbs_bs-client:3.17.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-03T20:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4198", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-13T19:15Z", "lastModifiedDate" : "2024-11-21T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4272", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4273", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4286", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-06-18T21:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4314", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA who allocated this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-04-10T18:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4315", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA who allocated this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-04-10T18:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4355", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4358", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4359", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4360", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4365", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4370", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4382", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4385", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4387", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4392", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4429", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4445", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4454", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4456", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4464", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4478", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4482", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4490", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4519", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:conversador_project:conversador:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.61", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T17:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4523", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_career_openings_project:easy_career_openings:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4525", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog", "name" : "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog", "name" : "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:winwar:wp_ebay_product_feeds:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4530", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-flog-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-flog-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-flog-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-flog-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flog plugin 0.1 for WordPress has XSS" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flog_project:flog:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-10T13:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4535", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T20:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4536", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://wordpress.org/plugins/infusionsoft/changelog", "name" : "http://wordpress.org/plugins/infusionsoft/changelog", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://wordpress.org/plugins/infusionsoft/changelog", "name" : "http://wordpress.org/plugins/infusionsoft/changelog", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T20:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4539", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4548", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruven-toolkit_project:ruven-toolkit:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4550", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T20:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4553", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spreadshirt-rss-3d-cube-flash-gallery_project:spreadshirt-rss-3d-cube-flash-gallery:2014:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-02T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4558", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4559", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cybercompay:swipehq-payment-gateway-wp-e-commerce:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4561", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-ultimate-weather-plugin-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-ultimate-weather-plugin-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-ultimate-weather-plugin-a3-cross-site-scripting-xss/", "name" : "http://codevigilant.com/disclosure/wp-plugin-ultimate-weather-plugin-a3-cross-site-scripting-xss/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ultimate-weather plugin 1.0 for WordPress has XSS" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ultimate-weather_project:ultimate-weather:1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-10T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-456132", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4567", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videowhisper:video_comments_webcam_recorder:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.55", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4592", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss", "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T17:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4607", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/", "name" : "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/", "name" : "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oberhumer:lzo2:*:*:*:*:*:*:x86:*", "versionEndExcluding" : "2.07", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oberhumer:liblzo2:*:*:*:*:*:*:x86:*", "versionEndExcluding" : "2.07", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4609", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/26/22", "name" : "http://www.openwall.com/lists/oss-security/2014/06/26/22", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/26/22", "name" : "http://www.openwall.com/lists/oss-security/2014/06/26/22", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://libav.org/news/#2014-06-27", "name" : "https://libav.org/news/#2014-06-27", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://libav.org/news/#2014-06-27", "name" : "https://libav.org/news/#2014-06-27", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4610", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name" : "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/26/23", "name" : "http://www.openwall.com/lists/oss-security/2014/06/26/23", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/06/26/23", "name" : "http://www.openwall.com/lists/oss-security/2014/06/26/23", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.ffmpeg.org/security.html", "name" : "https://www.ffmpeg.org/security.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.ffmpeg.org/security.html", "name" : "https://www.ffmpeg.org/security.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2", "versionEndExcluding" : "2.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1", "versionEndExcluding" : "2.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.1", "versionEndExcluding" : "1.1.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.2", "versionEndExcluding" : "1.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.10.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4612", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html", "name" : "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html", "name" : "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/608", "name" : "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/608", "name" : "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/620", "name" : "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/620", "name" : "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/p/coppermine/code/8674", "name" : "http://sourceforge.net/p/coppermine/code/8674", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://sourceforge.net/p/coppermine/code/8674", "name" : "http://sourceforge.net/p/coppermine/code/8674", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/68140", "name" : "68140", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68140", "name" : "68140", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.6.0", "versionEndExcluding" : "1.6.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.28", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-16T17:29Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4613", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://osvdb.org/show/osvdb/103774", "name" : "103774", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://osvdb.org/show/osvdb/103774", "name" : "103774", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://packetstormsecurity.com/files/125438/Piwigo-2.6.1-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/125438/Piwigo-2.6.1-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/125438/Piwigo-2.6.1-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/125438/Piwigo-2.6.1-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://piwigo.org/bugs/view.php?id=0003055", "name" : "http://piwigo.org/bugs/view.php?id=0003055", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://piwigo.org/bugs/view.php?id=0003055", "name" : "http://piwigo.org/bugs/view.php?id=0003055", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://piwigo.org/releases/2.6.2", "name" : "http://piwigo.org/releases/2.6.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://piwigo.org/releases/2.6.2", "name" : "http://piwigo.org/releases/2.6.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/610", "name" : "[oss-security] 20140623 CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/610", "name" : "[oss-security] 20140623 CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/623", "name" : "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/623", "name" : "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/31916", "name" : "31916", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/31916", "name" : "31916", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65811", "name" : "65811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65811", "name" : "65811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:piwigo:*:-:*:*:*:*:*:*", "versionEndExcluding" : "2.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-16T17:29Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4640", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-07T15:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4641", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-07T15:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4642", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-07T15:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4650", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.python.org/issue21766", "name" : "http://bugs.python.org/issue21766", "refsource" : "", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://bugs.python.org/issue21766", "name" : "http://bugs.python.org/issue21766", "refsource" : "", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2014/06/26/3", "name" : "http://openwall.com/lists/oss-security/2014/06/26/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2014/06/26/3", "name" : "http://openwall.com/lists/oss-security/2014/06/26/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-4650", "name" : "Red Hat", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-4650", "name" : "Red Hat", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.4.0", "versionEndExcluding" : "3.4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.7.0", "versionEndExcluding" : "2.7.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T17:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4651", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q2/579", "name" : "http://seclists.org/oss-sec/2014/q2/579", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q2/579", "name" : "http://seclists.org/oss-sec/2014/q2/579", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/JCLOUDS-612", "name" : "https://issues.apache.org/jira/browse/JCLOUDS-612", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/JCLOUDS-612", "name" : "https://issues.apache.org/jira/browse/JCLOUDS-612", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:jclouds:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7.3", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T14:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4657", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.securityfocus.com/bid/68232", "name" : "68232", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68232", "name" : "68232", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4658", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.securityfocus.com/bid/68233", "name" : "68233", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68233", "name" : "68233", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4659", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.securityfocus.com/bid/68234", "name" : "68234", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68234", "name" : "68234", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4660", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "name" : "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08", "name" : "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08", "name" : "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4660", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4660", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4660", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4660", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/06/26/19", "name" : "https://www.openwall.com/lists/oss-security/2014/06/26/19", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/06/26/19", "name" : "https://www.openwall.com/lists/oss-security/2014/06/26/19", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/68231", "name" : "https://www.securityfocus.com/bid/68231", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/68231", "name" : "https://www.securityfocus.com/bid/68231", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the \"deb http://user:pass@server:port/\" format." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T03:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4678", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916", "name" : "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916", "name" : "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ", "name" : "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ", "name" : "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4678", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4678", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4678", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4678", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/06/26/30", "name" : "https://www.openwall.com/lists/oss-security/2014/06/26/30", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/06/26/30", "name" : "https://www.openwall.com/lists/oss-security/2014/06/26/30", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/07/02/2", "name" : "https://www.openwall.com/lists/oss-security/2014/07/02/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2014/07/02/2", "name" : "https://www.openwall.com/lists/oss-security/2014/07/02/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5", "name" : "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5", "name" : "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678", "name" : "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678", "name" : "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T03:15Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4705", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/59349", "name" : "59349", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "http://secunia.com/advisories/59349", "name" : "59349", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm", "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm", "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar530_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r003c01spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r003c01spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r003c01spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r005c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6005_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6005_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6005_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6005_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6005_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:wlan_ac6005:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6605_firmware:v200r003c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6605_firmware:v200r003c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6605_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6605_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_ac6605_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:wlan_ac6605:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:wlan_acu2_firmware:v200r005c00spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:wlan_acu2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-30T17:29Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4714", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4740", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-4907, CVE-2014-4908. Reason: This candidate is a duplicate of CVE-2014-4907 and CVE-2014-4908. Notes: All CVE users should reference CVE-2014-4907 and/or CVE-2014-4908 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-07-09T14:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4782", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95029", "name" : "ibm-infosphere-cve20144782-info-disc(95029)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95029", "name" : "ibm-infosphere-cve20144782-info-disc(95029)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_biginsights:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4859", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/552286", "name" : "http://www.kb.cert.org/vuls/id/552286", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/552286", "name" : "http://www.kb.cert.org/vuls/id/552286", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T16:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4860", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/552286", "name" : "http://www.kb.cert.org/vuls/id/552286", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/552286", "name" : "http://www.kb.cert.org/vuls/id/552286", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T16:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4861", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", "name" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", "name" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thycotic:secret_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.5.000000", "versionEndIncluding" : "8.6.000009", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T20:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4912", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/33983/", "name" : "33983", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/33983/", "name" : "33983", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:frog_cms_project:frog_cms:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-22T04:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4913", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/11/4", "name" : "http://www.openwall.com/lists/oss-security/2014/07/11/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/11/4", "name" : "http://www.openwall.com/lists/oss-security/2014/07/11/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/66971", "name" : "http://www.securityfocus.com/bid/66971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/66971", "name" : "http://www.securityfocus.com/bid/66971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-4913", "name" : "https://access.redhat.com/security/cve/cve-2014-4913", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-4913", "name" : "https://access.redhat.com/security/cve/cve-2014-4913", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://framework.zend.com/security/advisory/ZF2014-03", "name" : "https://framework.zend.com/security/advisory/ZF2014-03", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://framework.zend.com/security/advisory/ZF2014-03", "name" : "https://framework.zend.com/security/advisory/ZF2014-03", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4913", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4913", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-4913", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-4913", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ZF2014-03 has a potential cross site scripting vector in multiple view helpers" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.3.0", "versionEndExcluding" : "2.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4919", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.oxid-esales.com/view.php?id=5814", "name" : "https://bugs.oxid-esales.com/view.php?id=5814", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.oxid-esales.com/view.php?id=5814", "name" : "https://bugs.oxid-esales.com/view.php?id=5814", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2014-003.html", "name" : "https://oxidforge.org/en/security-bulletin-2014-003.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2014-003.html", "name" : "https://oxidforge.org/en/security-bulletin-2014-003.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "4.7.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.8.0", "versionEndExcluding" : "4.8.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "5.0.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndExcluding" : "5.1.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionEndExcluding" : "4.7.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.8.0", "versionEndExcluding" : "4.8.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T15:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4928", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html", "name" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html", "name" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4932", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/help/advanced/changelog/", "name" : "https://www.wordfence.com/help/advanced/changelog/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.wordfence.com/help/advanced/changelog/", "name" : "https://www.wordfence.com/help/advanced/changelog/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordfence:wordfence_security:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4949", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4950", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4951", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4952", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4953", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4959", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127651/Android-SDK-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127651/Android-SDK-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127651/Android-SDK-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127651/Android-SDK-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/138", "name" : "20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/138", "name" : "20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/139", "name" : "20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Jul/139", "name" : "20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68912", "name" : "68912", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68912", "name" : "68912", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4966", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2014-004.html", "name" : "http://www.ocert.org/advisories/ocert-2014-004.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2014-004.html", "name" : "http://www.ocert.org/advisories/ocert-2014-004.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "name" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "name" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4967", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2014-004.html", "name" : "http://www.ocert.org/advisories/ocert-2014-004.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2014-004.html", "name" : "http://www.ocert.org/advisories/ocert-2014-004.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "name" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "name" : "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4968", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.exploit-db.com/exploits/34088/", "name" : "http://www.exploit-db.com/exploits/34088/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34088/", "name" : "http://www.exploit-db.com/exploits/34088/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:boatmob:boat_browser:8.0:*:*:*:*:android:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:boatmob:boat_browser:8.0.1:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T01:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4972", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://g0blin.co.uk/cve-2014-4972/", "name" : "https://g0blin.co.uk/cve-2014-4972/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://g0blin.co.uk/cve-2014-4972/", "name" : "https://g0blin.co.uk/cve-2014-4972/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8232", "name" : "https://wpvulndb.com/vulnerabilities/8232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8232", "name" : "https://wpvulndb.com/vulnerabilities/8232", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ajax_upload_for_gravity_forms_project:ajax_upload_for_gravity_forms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4981", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ocert.org/advisories/ocert-2014-005.html", "name" : "http://ocert.org/advisories/ocert-2014-005.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://ocert.org/advisories/ocert-2014-005.html", "name" : "http://ocert.org/advisories/ocert-2014-005.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.lpar2rrd.com/note453-01.htm", "name" : "http://www.lpar2rrd.com/note453-01.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.lpar2rrd.com/note453-01.htm", "name" : "http://www.lpar2rrd.com/note453-01.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "name" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "name" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68844", "name" : "68844", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68844", "name" : "68844", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94784", "name" : "94784", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94784", "name" : "94784", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.50", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T22:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4982", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/127593/LPAR2RRD-3.5-4.53-Command-Injection.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "name" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "name" : "http://www.openwall.com/lists/oss-security/2014/07/23/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68850", "name" : "http://www.securityfocus.com/bid/68850", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68850", "name" : "http://www.securityfocus.com/bid/68850", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94785", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94785", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94785", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94785", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LPAR2RRD = 4.53 and = 3.5 has arbitrary command injection on the application server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.50", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.00", "versionEndIncluding" : "4.53", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-10T13:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4984", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127769/Crescendo-Sales-CRM-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127769/Crescendo-Sales-CRM-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127769/Crescendo-Sales-CRM-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127769/Crescendo-Sales-CRM-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95176", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95176", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95176", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95176", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69085/info", "name" : "https://www.securityfocus.com/bid/69085/info", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69085/info", "name" : "https://www.securityfocus.com/bid/69085/info", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Déjà Vu Crescendo Sales CRM has remote SQL Injection" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dejavuprotech:crescendo_-_sales_crm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-10T13:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4991", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/8", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/8", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68733", "name" : "68733", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68733", "name" : "68733", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", "name" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", "name" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codders-dataset_project:codders-dataset:1.3.2.1:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4992", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/9", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem cap-strap-0.1.5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/9", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem cap-strap-0.1.5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html", "name" : "http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html", "name" : "http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cap-strap_project:cap-strap:0.1.5:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4993", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/11", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup-agoddard-3.0.28", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/11", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup-agoddard-3.0.28", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/12", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup_checksum-3.0.23", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/12", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup_checksum-3.0.23", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html", "name" : "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html", "name" : "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html", "name" : "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html", "name" : "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:backup_checksum_project:backup_checksum:3.0.23:*:*:*:*:ruby:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:backup-agoddard_project:backup-agoddard:3.0.28:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4994", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/13", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem gyazo-1.0.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/13", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem gyazo-1.0.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", "name" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", "name" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gyazo_project:gyazo:1.0.0:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4995", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/14", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/14", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68729", "name" : "68729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68729", "name" : "68729", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "name" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "name" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94745", "name" : "vladtheenterprising-info-disc(94745)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94745", "name" : "vladtheenterprising-info-disc(94745)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vladtheenterprising_project:vladtheenterprising:0.2.0:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4996", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/14", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/14", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68731", "name" : "68731", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68731", "name" : "68731", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "name" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "name" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744", "name" : "vladtheenterprising-cve20144996-sec-bypass(94744)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744", "name" : "vladtheenterprising-cve20144996-sec-bypass(94744)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vladtheenterprising_project:vladtheenterprising:0.2.0:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4997", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/16", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/16", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68735", "name" : "68735", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68735", "name" : "68735", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", "name" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", "name" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:point-cli_project:point-cli:0.0.1:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4998", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/18", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lean-ruport-0.3.8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/18", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lean-ruport-0.3.8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html", "name" : "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html", "name" : "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lean-ruport_project:lean-ruport:0.3.8:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-4999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/19", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem kajam-1.0.3.rc2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/19", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem kajam-1.0.3.rc2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html", "name" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html", "name" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kajam_project:kajam:1.0.3:rc2:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/20", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lawn-login-0.0.7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/20", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lawn-login-0.0.7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lawn-login-0.0.7.html", "name" : "http://www.vapid.dhs.org/advisories/lawn-login-0.0.7.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lawn-login-0.0.7.html", "name" : "http://www.vapid.dhs.org/advisories/lawn-login-0.0.7.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lawn-login_project:lawn-login:0.0.7:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/21", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem kcapifony-2.1.6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/21", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem kcapifony-2.1.6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html", "name" : "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html", "name" : "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kcapifony_project:kcapifony:2.1.6:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5002", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/23", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/23", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html", "name" : "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html", "name" : "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/panthomakos/lynx/issues/3", "name" : "https://github.com/panthomakos/lynx/issues/3", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/panthomakos/lynx/issues/3", "name" : "https://github.com/panthomakos/lynx/issues/3", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lynx_project:lynx:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5003", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/24", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem ciborg-3.0.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/24", "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem ciborg-3.0.0", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html", "name" : "http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html", "name" : "http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ciborg_project:ciborg:3.0.0:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5004", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/10/6", "name" : "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/10/6", "name" : "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5", "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/68506", "name" : "68506", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68506", "name" : "68506", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html", "name" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html", "name" : "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brbackup_project:brbackup:0.1.1:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5007", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Aug/88", "name" : "http://seclists.org/fulldisclosure/2014/Aug/88", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/88", "name" : "http://seclists.org/fulldisclosure/2014/Aug/88", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", "name" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", "name" : "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0", "versionEndIncluding" : "9.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_desktop_central_managed_service_providers:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0", "versionEndIncluding" : "9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-17T22:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5011", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DOMPDF before 0.6.2 allows Information Disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-10T06:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5012", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DOMPDF before 0.6.2 allows denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-10T06:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5013", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "name" : "https://github.com/dompdf/dompdf/compare/v0.6.1...v0.6.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "name" : "https://github.com/dompdf/dompdf/releases/tag/v0.6.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-10T06:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5014", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wordpress-flash-uploader/changelog/", "name" : "https://wordpress.org/plugins/wordpress-flash-uploader/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wordpress-flash-uploader/changelog/", "name" : "https://wordpress.org/plugins/wordpress-flash-uploader/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/support/topic/vulnerability-discovered-2/", "name" : "https://wordpress.org/support/topic/vulnerability-discovered-2/", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://wordpress.org/support/topic/vulnerability-discovered-2/", "name" : "https://wordpress.org/support/topic/vulnerability-discovered-2/", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T17:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5028", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/22/12", "name" : "[oss-security] 20140722 Re: CVE requests for Review Board", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/22/12", "name" : "[oss-security] 20140722 Re: CVE requests for Review Board", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123692", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123692", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123692", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123692", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813", "name" : "reviewboard-cve20145028-sec-bypass(94813)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813", "name" : "reviewboard-cve20145028-sec-bypass(94813)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27", "name" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27", "name" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4", "name" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4", "name" : "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases", "name" : "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases", "name" : "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.0.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*", "versionStartExcluding" : "1.7.0", "versionEndExcluding" : "1.7.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5034", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html", "name" : "https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html", "name" : "https://github.com/0pc0deFR/Exploits/blob/master/CVE-2014-5034/exploit.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery", "name" : "https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery", "name" : "https://github.com/0pc0deFR/wordpress-sploit-framework/blob/master/exploits/Brute_Force_Login_Protection_1_3_Cross_Site_Request_Forgery", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fresh-media:brute_force_login_protection:1.3:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5039", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://groups.google.com/a/eucalyptus.com/forum/#%21topic/security-announce/U4AbkOgpQSA", "name" : "https://groups.google.com/a/eucalyptus.com/forum/#%21topic/security-announce/U4AbkOgpQSA", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/a/eucalyptus.com/forum/#%21topic/security-announce/U4AbkOgpQSA", "name" : "https://groups.google.com/a/eucalyptus.com/forum/#%21topic/security-announce/U4AbkOgpQSA", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eucalyptus:eucalyptus_management_console:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndExcluding" : "4.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.6, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 2.8, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5043", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-08-18T11:15Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5044", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/24/1", "name" : "[oss-security] 20140723 Re: [CVE request] Array allocation fixes in libgfortran", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/24/1", "name" : "[oss-security] 20140723 Re: [CVE request] Array allocation fixes in libgfortran", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/31/6", "name" : "[oss-security] 20140731 Re: Re: [CVE request] Array allocation fixes in libgfortran", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/31/6", "name" : "[oss-security] 20140731 Re: Re: [CVE request] Array allocation fixes in libgfortran", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", "name" : "libgfortran-cve20145044-overflow(94849)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", "name" : "libgfortran-cve20145044-overflow(94849)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0&view=markup&pathrev=211721", "name" : "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0&view=markup&pathrev=211721", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0&view=markup&pathrev=211721", "name" : "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0&view=markup&pathrev=211721", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:libgfortran:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-07T15:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5068", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\\ (dot dot forward slash) before a file name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsemi:s350i_firmware:2.70.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:microsemi:s350i:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-11T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5069/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5069/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5069/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5069/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsemi:s350i_firmware:2.70.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:microsemi:s350i:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070/", "name" : "https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070/", "name" : "https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsemi:s350i_firmware:2.70.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:microsemi:s350i:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-11T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5071/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5071/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5071/", "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5071/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsemi:s350i_firmware:2.70.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:microsemi:s350i:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072", "name" : "https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072", "name" : "https://github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wpsecurityauditlog.com/plugin-change-log/", "name" : "https://www.wpsecurityauditlog.com/plugin-change-log/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.wpsecurityauditlog.com/plugin-change-log/", "name" : "https://www.wpsecurityauditlog.com/plugin-change-log/", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpsecurityauditlog:wp_security_audit_log:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5081", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/34238", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/34238", "name" : "Exploit Database", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphiderpro:sphider_pro:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider-plus:sphider-plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-10T13:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5083", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-10T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5084", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphiderpro:sphider_pro:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-10T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5085", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider-plus:sphider-plus:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-10T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5086", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider-plus:sphider-plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphiderpro:sphider_pro:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-10T15:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5087", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vulmon.com/searchpage?page=2&q=Shayan+S", "name" : "https://vulmon.com/searchpage?page=2&q=Shayan+S", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vulmon.com/searchpage?page=2&q=Shayan+S", "name" : "https://vulmon.com/searchpage?page=2&q=Shayan+S", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider:sphider:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphider-plus:sphider-plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sphiderpro:sphider_pro:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T18:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5091", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34239", "name" : "http://www.exploit-db.com/exploits/34239", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34239", "name" : "http://www.exploit-db.com/exploits/34239", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69008", "name" : "https://www.securityfocus.com/bid/69008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69008", "name" : "https://www.securityfocus.com/bid/69008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:status2k:status2k:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T18:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5092", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Status2k allows Remote Command Execution in admin/options/editpl.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:status2k:status2k:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-10T14:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5093", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Status2k does not remove the install directory allowing credential reset." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:status2k:status2k:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-10T14:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5118", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136778.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136778.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136778.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136778.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/30/4", "name" : "http://www.openwall.com/lists/oss-security/2014/07/30/4", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/30/4", "name" : "http://www.openwall.com/lists/oss-security/2014/07/30/4", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/68960", "name" : "http://www.securityfocus.com/bid/68960", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/68960", "name" : "http://www.securityfocus.com/bid/68960", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95063", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95063", "refsource" : "", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95063", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95063", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trusted_boot_project:trusted_boot:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-18T23:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5130", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69621", "name" : "69621", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69621", "name" : "69621", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95735", "name" : "projectdox-cve20145130-unath-access(95735)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95735", "name" : "projectdox-cve20145130-unath-access(95735)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avolvesoftware:projectdox:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T21:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5131", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69632", "name" : "69632", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69632", "name" : "69632", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95736", "name" : "projectdox-cve20145131-info-disc(95736)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95736", "name" : "projectdox-cve20145131-info-disc(95736)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avolvesoftware:projectdox:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T21:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5132", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded", "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95737", "name" : "projectdox-cve20145132-info-disc(95737)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95737", "name" : "projectdox-cve20145132-info-disc(95737)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avolvesoftware:projectdox:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T21:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5138", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "name" : "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "name" : "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iii:sierra:1.2_3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5140", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/", "name" : "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/", "name" : "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/34552", "name" : "http://www.exploit-db.com/exploits/34552", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34552", "name" : "http://www.exploit-db.com/exploits/34552", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/loadedcommerce/loaded7/pull/520", "name" : "https://github.com/loadedcommerce/loaded7/pull/520", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/loadedcommerce/loaded7/pull/520", "name" : "https://github.com/loadedcommerce/loaded7/pull/520", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:loadedcommerce:loaded7:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-03T20:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5157", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5196. Reason: This candidate is a reservation duplicate of CVE-2014-5196. Notes: All CVE users should reference CVE-2014-5196 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-08-13T18:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5170", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/07/31/4", "name" : "[oss-security] 20140731 Re: CVE request for Drupal contributed modules", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/31/4", "name" : "[oss-security] 20140731 Re: CVE request for Drupal contributed modules", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95054", "name" : "drupal-cve20145170-code-exec(95054)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95054", "name" : "drupal-cve20145170-code-exec(95054)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2312655", "name" : "https://www.drupal.org/node/2312655", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2312655", "name" : "https://www.drupal.org/node/2312655", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2312769", "name" : "https://www.drupal.org/node/2312769", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2312769", "name" : "https://www.drupal.org/node/2312769", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:storage_api:7.x-1.x-dev:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5209", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.f5.com/csp/article/K44942017", "name" : "https://support.f5.com/csp/article/K44942017", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K44942017", "name" : "https://support.f5.com/csp/article/K44942017", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K44942017", "name" : "https://support.f5.com/csp/article/K44942017", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K44942017", "name" : "https://support.f5.com/csp/article/K44942017", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndIncluding" : "13.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndIncluding" : "12.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.5.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.2.0", "versionEndIncluding" : "4.5.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.5.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.4.0", "versionEndIncluding" : "11.6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.1", "versionEndIncluding" : "10.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndIncluding" : "2.3.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:mobilesafe:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:websafe:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T01:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5220", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=910500", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=910500", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=910500", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=910500", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html", "name" : "openSUSE-SU-2015:0308", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html", "name" : "openSUSE-SU-2015:0308", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T17:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5221", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5222", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5223", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5224", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5225", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5226", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5227", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5228", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5229", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5230", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5236", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "name" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "name" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "name" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "name" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5238", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "name" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "name" : "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "name" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "name" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5254", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "name" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "name" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69020", "name" : "http://www.securityfocus.com/bid/69020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69020", "name" : "http://www.securityfocus.com/bid/69020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95331", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95331", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95331", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95331", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-5254", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-5254", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-5254", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-5254", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xcfa_project:xcfa:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5255", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "name" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "name" : "http://www.openwall.com/lists/oss-security/2014/08/15/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69020", "name" : "http://www.securityfocus.com/bid/69020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69020", "name" : "http://www.securityfocus.com/bid/69020", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95332", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95332", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95332", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95332", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-5255", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-5255", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-5255", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-5255", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xcfa_project:xcfa:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5278", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278", "name" : "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278", "name" : "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21topic/docker-announce/lK6fQY6Jy84", "name" : "https://groups.google.com/forum/#%21topic/docker-announce/lK6fQY6Jy84", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/docker-announce/lK6fQY6Jy84", "name" : "https://groups.google.com/forum/#%21topic/docker-announce/lK6fQY6Jy84", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ", "name" : "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ", "name" : "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T18:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5279", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:boot2docker:boot2docker:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5280", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:boot2docker:boot2docker:*:*:*:*:-:*:*:*", "versionEndIncluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5282", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1168436", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1168436", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1168436", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1168436", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "name" : "https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5287", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36609/", "name" : "https://www.exploit-db.com/exploits/36609/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36609/", "name" : "https://www.exploit-db.com/exploits/36609/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf", "name" : "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf", "name" : "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.1-16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5288", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36609/", "name" : "https://www.exploit-db.com/exploits/36609/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36609/", "name" : "https://www.exploit-db.com/exploits/36609/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kemptechnologies:load_master:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.1.20b", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-07T17:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5289", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69263", "name" : "69263", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69263", "name" : "69263", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95350", "name" : "95350", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95350", "name" : "95350", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:senkas_kolibri_project:senkas_kolibri:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-27T21:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5329", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jvn.jp/en/jp/JVN23809730/", "name" : "https://jvn.jp/en/jp/JVN23809730/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN23809730/", "name" : "https://jvn.jp/en/jp/JVN23809730/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.\r\n8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tripodworks:gigapod_officehard_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.04.03", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tripodworks:gigapod_officehard:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tripodworks:gigapod_2010_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.01.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tripodworks:gigapod_2010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tripodworks:gigapod_3_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.01.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tripodworks:gigapod_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-09-08T03:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5334", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/08/19/2", "name" : "[oss-security] 20140819 Re: FreeNAS default blank password", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/19/2", "name" : "[oss-security] 20140819 Re: FreeNAS default blank password", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69249", "name" : "69249", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69249", "name" : "69249", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.freenas.org/issues/5844", "name" : "https://bugs.freenas.org/issues/5844", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.freenas.org/issues/5844", "name" : "https://bugs.freenas.org/issues/5844", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freenas:freenas:9.3:m3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freenas:freenas:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.2.1.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freenas:freenas:9.3:m2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freenas:freenas:9.3:m1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5367", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5380", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "name" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "name" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/70", "name" : "http://seclists.org/fulldisclosure/2014/Aug/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/70", "name" : "http://seclists.org/fulldisclosure/2014/Aug/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69390", "name" : "http://www.securityfocus.com/bid/69390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69390", "name" : "http://www.securityfocus.com/bid/69390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Grand MA 300 allows retrieval of the access PIN from sniffed data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:granding:grand_ma300_firmware:6.60:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:granding:grand_ma300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5381", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "name" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "name" : "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/70", "name" : "http://seclists.org/fulldisclosure/2014/Aug/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Aug/70", "name" : "http://seclists.org/fulldisclosure/2014/Aug/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69390", "name" : "http://www.securityfocus.com/bid/69390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69390", "name" : "http://www.securityfocus.com/bid/69390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Grand MA 300 allows a brute-force attack on the PIN." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:granding:grand_ma300_firmware:6.60:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:granding:grand_ma300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701", "name" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701", "name" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69302", "name" : "69302", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69302", "name" : "69302", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763", "name" : "campusswitch-cve20145394-info-disc(97763)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763", "name" : "campusswitch-cve20145394-info-disc(97763)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300e_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300e_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9300e_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9300e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r003c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5300_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r002c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6300_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s2300_firmware:v100r006c05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s2300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s2700_firmware:v100r006c05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s3300_firmware:v100r006c05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s3300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s3700_firmware:v100r006c05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s3700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5401", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hospira:mednet:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-26T17:29Z", "lastModifiedDate" : "2024-11-21T02:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5402", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5404", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5416", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5431", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:wireless_battery_module:16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-26T16:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5432", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:wireless_battery_module:16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-26T16:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-54321", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5433", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:wireless_battery_module:16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-26T16:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5434", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:baxter:wireless_battery_module:16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-26T15:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5435", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r400", "versionEndExcluding" : "r400.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r410", "versionEndExcluding" : "r410.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r430", "versionEndExcluding" : "r430.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-08T16:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5436", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r400", "versionEndExcluding" : "r400.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r410", "versionEndExcluding" : "r410.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r430", "versionEndExcluding" : "r430.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-08T16:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5439", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html", "name" : "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html", "name" : "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/88", "name" : "http://seclists.org/fulldisclosure/2014/Nov/88", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/88", "name" : "http://seclists.org/fulldisclosure/2014/Nov/88", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/71318", "name" : "http://www.securityfocus.com/bid/71318", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/71318", "name" : "http://www.securityfocus.com/bid/71318", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sniffit_project:sniffit:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.3.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-19T16:15Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5443", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/08/24/3", "name" : "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/24/3", "name" : "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/69360", "name" : "69360", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69360", "name" : "69360", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458", "name" : "seafile-cve20145443-priv-esc(95458)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458", "name" : "seafile-cve20145443-priv-esc(95458)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", "name" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", "name" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://manual.seafile.com/changelog/server-changelog.html", "name" : "https://manual.seafile.com/changelog/server-changelog.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://manual.seafile.com/changelog/server-changelog.html", "name" : "https://manual.seafile.com/changelog/server-changelog.html", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seafile:seafile_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "3.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5450", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html", "name" : "FEDORA-2014-9754", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html", "name" : "FEDORA-2014-9754", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html", "name" : "FEDORA-2014-9768", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html", "name" : "FEDORA-2014-9768", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/25/1", "name" : "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/25/1", "name" : "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/69370", "name" : "69370", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69370", "name" : "69370", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1133439", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1133439", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1133439", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1133439", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95454", "name" : "zarafa-license-info-disc(95454)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95454", "name" : "zarafa-license-info-disc(95454)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zarafa:zarafa_collaboration_platform:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T21:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5468", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html", "name" : "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html", "name" : "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34669", "name" : "http://www.exploit-db.com/exploits/34669", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/34669", "name" : "http://www.exploit-db.com/exploits/34669", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468", "name" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468", "name" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/69761", "name" : "https://www.securityfocus.com/bid/69761", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/69761", "name" : "https://www.securityfocus.com/bid/69761", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getrailo:railo:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.2.1.000", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-07T17:15Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549", "name" : "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549", "refsource" : "", "tags" : [ ] }, { "url" : "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549", "name" : "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/35549", "name" : "https://www.exploit-db.com/exploits/35549", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/35549", "name" : "https://www.exploit-db.com/exploits/35549", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-21T22:15Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5500", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synacor Zimbra Collaboration before 8.0.8 has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5509", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/08/30/2", "name" : "[oss-security] 20140829 Re: CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/08/30/2", "name" : "[oss-security] 20140829 Re: CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69473", "name" : "69473", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69473", "name" : "69473", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1135624", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1135624", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1135624", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1135624", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=98435", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=98435", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=98435", "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=98435", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clipboard_project:clipboard:-:*:*:*:*:perl:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5516", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt", "name" : "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "name" : "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "name" : "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:konakart:konakart:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-03T20:15Z", "lastModifiedDate" : "2024-11-21T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5522", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6025. Reason: This candidate is a reservation duplicate of CVE-2014-6025. Notes: All CVE users should reference CVE-2014-6025 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-22T10:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5523", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5524. Reason: This candidate is a duplicate of CVE-2014-5524. Notes: All CVE users should reference CVE-2014-5524 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-22T10:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5530", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5754, CVE-2014-5755, CVE-2014-8538. Reason: This candidate is a duplicate of CVE-2014-5754, CVE-2014-5755, and CVE-2014-8538. Further investigation showed that an applicable library product did not exist. Notes: All CVE users should reference CVE-2014-5754, CVE-2014-5755, and/or CVE-2014-8538 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-09T01:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5533", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5575", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-22T10:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5619", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5665, CVE-2014-5982. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5665 and CVE-2014-5982 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-09T01:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5718", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5809, CVE-2014-5983. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5809 and CVE-2014-5983 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-09T10:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5795", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5795. Reason: This candidate is a duplicate of CVE-2013-5795. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-03-27T17:56Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5814", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5971, CVE-2014-5984. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5971 and CVE-2014-5984 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-09T01:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-5880", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5880. Reason: This candidate is a duplicate of CVE-2013-5880. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5880 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-03-27T18:55Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-59156", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2352. Reason: This candidate is a duplicate of CVE-2014-2352. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2352 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6027", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/09/02/3", "name" : "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/02/3", "name" : "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1030791", "name" : "1030791", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030791", "name" : "1030791", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torrentflux_project:torrentflux:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6033", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-11-05T08:28Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6038", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "name" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "name" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/12", "name" : "http://seclists.org/fulldisclosure/2014/Nov/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/12", "name" : "http://seclists.org/fulldisclosure/2014/Nov/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70959", "name" : "http://www.securityfocus.com/bid/70959", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70959", "name" : "http://www.securityfocus.com/bid/70959", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0", "versionEndIncluding" : "9.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6039", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "name" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "name" : "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/12", "name" : "http://seclists.org/fulldisclosure/2014/Nov/12", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/12", "name" : "http://seclists.org/fulldisclosure/2014/Nov/12", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70960", "name" : "http://www.securityfocus.com/bid/70960", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70960", "name" : "http://www.securityfocus.com/bid/70960", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0", "versionEndIncluding" : "9.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6045", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6046", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6047", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-275" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6048", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6049", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6050", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://techdefencelabs.com/security-advisories.html", "name" : "http://techdefencelabs.com/security-advisories.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-28T17:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6059", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69549", "name" : "http://www.securityfocus.com/bid/69549", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69549", "name" : "http://www.securityfocus.com/bid/69549", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.8.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Sep/10", "name" : "20140902 XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Sep/10", "name" : "20140902 XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1136683", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1136683", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1136683", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1136683", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource" : "", "tags" : [ ] }, { "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jquery:jquery:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6108", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172", "name" : "ibm-sim-cve20146108-info-disc(96172)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172", "name" : "ibm-sim-cve20146108-info-disc(96172)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6109", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173", "name" : "ibm-sim-cve20146109-ldap-injection(96173)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173", "name" : "ibm-sim-cve20146109-ldap-injection(96173)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6111", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180", "name" : "ibm-sim-cve20146111-info-disc(96180)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180", "name" : "ibm-sim-cve20146111-info-disc(96180)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6112", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184", "name" : "ibm-sim-cve20146112-weak-security(96184)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184", "name" : "ibm-sim-cve20146112-weak-security(96184)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6120", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96721", "name" : "ibm-appscan-cve20146120-command-exec(96721)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96721", "name" : "ibm-appscan-cve20146120-command-exec(96721)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_appscan_source:8.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_appscan_source:8.5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:9.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:9.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6169", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103761", "name" : "103761", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103761", "name" : "103761", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97777", "name" : "ibm-forms-cve20146169-xss(97777)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97777", "name" : "ibm-forms-cve20146169-xss(97777)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:forms_experience_builder:8.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:forms_experience_builder:8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6262", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-134" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/449452", "name" : "http://www.kb.cert.org/vuls/id/449452", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/449452", "name" : "http://www.kb.cert.org/vuls/id/449452", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec", "name" : "https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec", "name" : "https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786", "name" : "https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786", "name" : "https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/pull/532", "name" : "https://github.com/oetiker/rrdtool-1.x/pull/532", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/oetiker/rrdtool-1.x/pull/532", "name" : "https://github.com/oetiker/rrdtool-1.x/pull/532", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html", "name" : "[debian-lts-announce] 20200301 [SECURITY] [DLA 2131-1] rrdtool security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html", "name" : "[debian-lts-announce] 20200301 [SECURITY] [DLA 2131-1] rrdtool security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html", "name" : "[debian-lts-announce] 20200302 [SECURITY] [DLA 2131-2] rrdtool regression update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html", "name" : "[debian-lts-announce] 20200302 [SECURITY] [DLA 2131-2] rrdtool regression update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/71540", "name" : "https://www.securityfocus.com/bid/71540", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/71540", "name" : "https://www.securityfocus.com/bid/71540", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zenoss:zenoss_core:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T02:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6275", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html", "name" : "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html", "refsource" : "", "tags" : [ "Mailing List", "Tool Signature" ] }, { "url" : "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html", "name" : "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html", "refsource" : "", "tags" : [ "Mailing List", "Tool Signature" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6275", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6275", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6275", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6275", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fusionforge:fusionforge:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T22:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-62771", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6309", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.tenefit.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "name" : "https://support.tenefit.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "refsource" : "Tenefit Corp", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "name" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "name" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.2:*:*:*:jms:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.3:*:*:*:jms:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.4:*:*:*:jms:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T15:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6310", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/6", "name" : "http://www.openwall.com/lists/oss-security/2014/09/11/6", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/6", "name" : "http://www.openwall.com/lists/oss-security/2014/09/11/6", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69727", "name" : "http://www.securityfocus.com/bid/69727", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69727", "name" : "http://www.securityfocus.com/bid/69727", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html", "name" : "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html", "name" : "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6310", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6310", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6310", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6310", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:call-cc:chicken:4.9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:call-cc:chicken:4.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6311", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-330" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/5", "name" : "http://www.openwall.com/lists/oss-security/2014/09/11/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/5", "name" : "http://www.openwall.com/lists/oss-security/2014/09/11/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/12/6", "name" : "http://www.openwall.com/lists/oss-security/2014/09/12/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/12/6", "name" : "http://www.openwall.com/lists/oss-security/2014/09/12/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6311", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6311", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-6311", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6311", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanderbilt:adaptive_communication_environment:6.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanderbilt:adaptive_communication_environment:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanderbilt:adaptive_communication_environment:6.2.7:dfsg-2:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6320", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6338", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6358", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6359", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6367", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6370", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6371", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6372", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6388", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3634. Reason: This candidate is a reservation duplicate of CVE-2014-3634. Notes: All CVE users should reference CVE-2014-3634 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-10-13T18:55Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-640" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html", "name" : "http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html", "name" : "http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/42", "name" : "20150211 CVE-2014-6412 - WordPress (all versions) lacks CSPRNG", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/42", "name" : "20150211 CVE-2014-6412 - WordPress (all versions) lacks CSPRNG", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/53", "name" : "20150212 Followup on CVE-2014-6412", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/53", "name" : "20150212 Followup on CVE-2014-6412", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72589", "name" : "72589", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72589", "name" : "72589", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031749", "name" : "1031749", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031749", "name" : "1031749", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192474", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192474", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192474", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192474", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://core.trac.wordpress.org/ticket/28633", "name" : "https://core.trac.wordpress.org/ticket/28633", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://core.trac.wordpress.org/ticket/28633", "name" : "https://core.trac.wordpress.org/ticket/28633", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6413", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Sep/70", "name" : "http://seclists.org/fulldisclosure/2014/Sep/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Sep/70", "name" : "http://seclists.org/fulldisclosure/2014/Sep/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/69958", "name" : "http://www.securityfocus.com/bid/69958", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69958", "name" : "http://www.securityfocus.com/bid/69958", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128310", "name" : "https://packetstormsecurity.com/files/128310", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128310", "name" : "https://packetstormsecurity.com/files/128310", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:fireware_xtm:11.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-07T16:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6420", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96037", "name" : "96037", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96037", "name" : "96037", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:livefyre:livecomments:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-27T21:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6435", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69809", "name" : "69809", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69809", "name" : "69809", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6436", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded", "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded", "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/69811", "name" : "69811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69811", "name" : "69811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6437", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded", "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded", "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/69808", "name" : "69808", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/69808", "name" : "69808", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682", "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682", "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1032846", "name" : "http://www.securitytracker.com/id/1032846", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032846", "name" : "http://www.securitytracker.com/id/1032846", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:r4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:r4-s2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r2-s2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.2:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-11T17:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x51:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x52:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6604", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://barmat.io/blog/2014/10/01/stored-xss-vulnerability-in-the-wordpress-plugin-subscribe2/", "name" : "http://barmat.io/blog/2014/10/01/stored-xss-vulnerability-in-the-wordpress-plugin-subscribe2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://barmat.io/blog/2014/10/01/stored-xss-vulnerability-in-the-wordpress-plugin-subscribe2/", "name" : "http://barmat.io/blog/2014/10/01/stored-xss-vulnerability-in-the-wordpress-plugin-subscribe2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/993564/subscribe2", "name" : "https://plugins.trac.wordpress.org/changeset/993564/subscribe2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/993564/subscribe2", "name" : "https://plugins.trac.wordpress.org/changeset/993564/subscribe2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:subscribe2_project:subscribe2:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "10.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6617", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html", "name" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html", "name" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/533902/100/0/threaded", "name" : "20141105 CVE-2014-6617 Softing FG-100 Backdoor Account", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/533902/100/0/threaded", "name" : "20141105 CVE-2014-6617 Softing FG-100 Backdoor Account", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/70927", "name" : "70927", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70927", "name" : "70927", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98512", "name" : "fg100pb-cve20146617-default-account(98512)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98512", "name" : "fg100pb-cve20146617-default-account(98512)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt", "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt", "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:industrial.softing:fg-100_pb_profibus_firmware:fg-x00-pb_v2.02.0.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:industrial.softing:fg-100_pb_profibus:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T20:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6633", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.tryton.org/posts/security-release-for-issue4155.html", "name" : "http://www.tryton.org/posts/security-release-for-issue4155.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.tryton.org/posts/security-release-for-issue4155.html", "name" : "http://www.tryton.org/posts/security-release-for-issue4155.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugs.tryton.org/issue4155", "name" : "https://bugs.tryton.org/issue4155", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugs.tryton.org/issue4155", "name" : "https://bugs.tryton.org/issue4155", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.4.0", "versionEndExcluding" : "2.4.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.6.0", "versionEndExcluding" : "2.6.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.8.0", "versionEndExcluding" : "2.8.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T15:29Z", "lastModifiedDate" : "2024-11-21T02:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6644", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6809", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-09-30T17:55Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6811", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6849", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-6915", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7046, CVE-2014-7047. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-7046 and CVE-2014-7047 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-10-13T18:55Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7014", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7051", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7074", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7081", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7094", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7095", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7096", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7097", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7105", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7110", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7112", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7114", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7126", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7130", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7133", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7143", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/09/22/2", "name" : "http://www.openwall.com/lists/oss-security/2014/09/22/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-7143", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-7143", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/09/22/2", "name" : "http://www.openwall.com/lists/oss-security/2014/09/22/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-7143", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-7143", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Python Twisted 14.0 trustRoot is not respected in HTTP client" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-12T14:15Z", "lastModifiedDate" : "2024-11-25T18:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7173", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:farsite:farlinx_x25_gateway_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-09-25", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:farsite:farlinx_x25_gateway:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7174", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:farsite:farlinx_x25_gateway_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-09-25", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:farsite:farlinx_x25_gateway:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7175", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:farsite:farlinx_x25_gateway_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-09-25", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:farsite:farlinx_x25_gateway:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7196", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a duplicate of CVE-2014-7169. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-15T20:59Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7198", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html", "name" : "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/", "name" : "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html", "name" : "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/", "name" : "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openmicroscopy:omero:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-01T00:29Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-72038", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2353. Reason: This candidate is a duplicate of CVE-2014-2353. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2353 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7211", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7212", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7213", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7214", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7215", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7221", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", "name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "name" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/70219", "name" : "70219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889", "name" : "teamspeakclient-cve20147221-bo(96889)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "name" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", "name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "name" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889", "name" : "teamspeakclient-cve20147221-bo(96889)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70219", "name" : "70219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "name" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teamspeak:teamspeak3:*:*:*:*:client:*:*:*", "versionEndIncluding" : "3.0.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7222", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/", "name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "name" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/70219", "name" : "70219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96890", "name" : "teamspeakclient-cve20147222-bo(96890)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96890", "name" : "teamspeakclient-cve20147222-bo(96890)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70219", "name" : "70219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "name" : "http://r4p3.net/public/ts3bbcodefreeze.txt", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/", "name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\\\ (backslash) characters, a digit, a \\ (backslash) character, and \"z\" in a series of nested img BBCODE tags." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teamspeak:teamspeak3:*:*:*:*:client:*:*:*", "versionEndIncluding" : "3.0.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7224", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/10/02/20", "name" : "http://www.openwall.com/lists/oss-security/2014/10/02/20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://daoyuan14.github.io/news/newattackvector.html", "name" : "https://daoyuan14.github.io/news/newattackvector.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/70222", "name" : "https://www.securityfocus.com/bid/70222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/02/20", "name" : "http://www.openwall.com/lists/oss-security/2014/10/02/20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/70222", "name" : "https://www.securityfocus.com/bid/70222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://daoyuan14.github.io/news/newattackvector.html", "name" : "https://daoyuan14.github.io/news/newattackvector.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T16:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7227", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-10-03T18:55Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7234", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7233. Reason: This issue was MERGED into CVE-2014-7233 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-7233 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-04T14:59Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7236", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Oct/44", "name" : "http://seclists.org/fulldisclosure/2014/Oct/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70372", "name" : "70372", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030981", "name" : "http://www.securitytracker.com/id/1030981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1030981", "name" : "http://www.securitytracker.com/id/1030981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70372", "name" : "70372", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Oct/44", "name" : "http://seclists.org/fulldisclosure/2014/Oct/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.2", "versionEndIncluding" : "4.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.3", "versionEndIncluding" : "4.3.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1", "versionEndIncluding" : "4.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T22:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7238", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpvulndb.com/vulnerabilities/8235", "name" : "https://wpvulndb.com/vulnerabilities/8235", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8235", "name" : "https://wpvulndb.com/vulnerabilities/8235", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formget:contact_form_integrated_with_google_maps:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "1.0", "versionEndIncluding" : "2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-23T15:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7244", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7245", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7257", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN70490316/index.html", "name" : "http://jvn.jp/en/jp/JVN70490316/index.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000142.html", "name" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000142.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvn.jp/en/jp/JVN70490316/index.html", "name" : "http://jvn.jp/en/jp/JVN70490316/index.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000142.html", "name" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000142.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in DBD::PgPP 0.05 and earlier" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dbd\\:\\:pgpp_project:dbd\\:\\:pgpp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.05", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7271", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html", "name" : "FEDORA-2014-12308", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html", "name" : "FEDORA-2014-12442", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/06/4", "name" : "[oss-security] 20141006 Re: various sddm vulnerabilities", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/70767", "name" : "70767", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149608", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149608", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421", "name" : "sddm-cve20147271-sec-bypass(98421)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/sddm/sddm/pull/279/files", "name" : "https://github.com/sddm/sddm/pull/279/files", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement", "name" : "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html", "name" : "FEDORA-2014-12308", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement", "name" : "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/sddm/sddm/pull/279/files", "name" : "https://github.com/sddm/sddm/pull/279/files", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421", "name" : "sddm-cve20147271-sec-bypass(98421)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149608", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149608", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "http://www.securityfocus.com/bid/70767", "name" : "70767", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/06/4", "name" : "[oss-security] 20141006 Re: various sddm vulnerabilities", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html", "name" : "FEDORA-2014-12442", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-08T20:29Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7272", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html", "name" : "FEDORA-2014-12308", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html", "name" : "FEDORA-2014-12442", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/06/4", "name" : "[oss-security] 20141006 Re: various sddm vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149610", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149610", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/sddm/sddm/pull/280", "name" : "https://github.com/sddm/sddm/pull/280", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html", "name" : "FEDORA-2014-12308", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/sddm/sddm/pull/280", "name" : "https://github.com/sddm/sddm/pull/280", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149610", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1149610", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/06/4", "name" : "[oss-security] 20141006 Re: various sddm vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html", "name" : "FEDORA-2014-12442", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-08T20:29Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7301", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", "name" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", "name" : "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", "name" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", "name" : "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:sgi_tempo:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7302", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", "name" : "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", "name" : "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:sgi_tempo:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7303", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", "name" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", "name" : "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", "name" : "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", "name" : "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:sgi_tempo:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7308", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7311", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7312", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7318", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7319", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7322", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7324", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7332", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7343", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7347", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7349", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7350", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7355", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7356", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7363", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7365", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7377", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7381", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7383", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7386", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7400", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7401", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7404", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7411", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7412", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7426", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7429", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7438", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7440", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7442", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7451", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7453", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7473", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7474", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7477", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7479", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7480", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7482", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7489", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7496", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7500", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7503", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7504", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7511", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7512", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7514", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7531", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7537", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7540", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7541", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7545", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7548", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7549", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7556", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7561", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7574", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7579", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7583", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7586", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7588", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7594", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7599", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7600", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7601", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7615", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7619", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7623", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7625", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7627", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7635", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7637", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7639", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7641", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7645", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7651", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7653", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7654", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7657", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7658", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7662", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7665", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7669", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7672", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7673", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7675", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7678", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7679", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7680", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7684", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7687", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7699", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7704", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7706", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7709", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7711", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7729", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7730", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7732", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7736", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7738", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7747", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7790", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7792", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7801", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7805", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7806", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7820", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7844", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://linux.oracle.com/errata/ELSA-2014-1999.html", "name" : "http://linux.oracle.com/errata/ELSA-2014-1999.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://linux.oracle.com/errata/ELSA-2014-1999.html", "name" : "http://linux.oracle.com/errata/ELSA-2014-1999.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-1999.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-1999.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2014-1999.html", "name" : "http://rhn.redhat.com/errata/RHSA-2014-1999.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q4/1066", "name" : "http://seclists.org/oss-sec/2014/q4/1066", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q4/1066", "name" : "http://seclists.org/oss-sec/2014/q4/1066", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2014/dsa-3104", "name" : "http://www.debian.org/security/2014/dsa-3104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2014/dsa-3104", "name" : "http://www.debian.org/security/2014/dsa-3104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2014/dsa-3105", "name" : "http://www.debian.org/security/2014/dsa-3105", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2014/dsa-3105", "name" : "http://www.debian.org/security/2014/dsa-3105", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bsd_mailx_project:bsd_mailx:8.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T17:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7854", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7855", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7856", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7862", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", "name" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", "name" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jan/2", "name" : "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jan/2", "name" : "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/534356/100/0/threaded", "name" : "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/534356/100/0/threaded", "name" : "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/71849", "name" : "71849", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/71849", "name" : "71849", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595", "name" : "desktopcentral-cve20147862-sec-bypass(99595)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595", "name" : "desktopcentral-cve20147862-sec-bypass(99595)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", "name" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", "name" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", "name" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", "name" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", "name" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", "name" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:desktop_central:*:*:*:*:managed_service_providers:*:*:*", "versionEndExcluding" : "90109", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:desktop_central:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-04T17:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7863", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jan/114", "name" : "http://seclists.org/fulldisclosure/2015/Jan/114", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jan/114", "name" : "http://seclists.org/fulldisclosure/2015/Jan/114", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt", "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt", "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet", "name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet", "name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8", "versionEndIncluding" : "11.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "11.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7865", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-18T02:59Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7887", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7914", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559", "name" : "https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559", "name" : "https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-21T02:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7951", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html", "name" : "http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html", "name" : "http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Apr/51", "name" : "http://seclists.org/fulldisclosure/2015/Apr/51", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Apr/51", "name" : "http://seclists.org/fulldisclosure/2015/Apr/51", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/74211", "name" : "http://www.securityfocus.com/bid/74211", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74211", "name" : "http://www.securityfocus.com/bid/74211", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0", "name" : "https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0", "refsource" : "", "tags" : [ ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0", "name" : "https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/36813/", "name" : "https://www.exploit-db.com/exploits/36813/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36813/", "name" : "https://www.exploit-db.com/exploits/36813/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T16:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7952", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html", "name" : "http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html", "name" : "http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/46", "name" : "20150710 CVE-2014-7952, Android ADB backup APK injection vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/46", "name" : "20150710 CVE-2014-7952, Android ADB backup APK injection vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability", "name" : "http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability", "name" : "http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/535980/100/0/threaded", "name" : "20150710 CVE-2014-7952, Android ADB backup APK injection vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/535980/100/0/threaded", "name" : "20150710 CVE-2014-7952, Android ADB backup APK injection vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/75705", "name" : "75705", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75705", "name" : "75705", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/irsl/ADB-Backup-APK-Injection/", "name" : "https://github.com/irsl/ADB-Backup-APK-Injection/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/irsl/ADB-Backup-APK-Injection/", "name" : "https://github.com/irsl/ADB-Backup-APK-Injection/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-7969", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8739. Reason: This candidate is a duplicate of CVE-2014-8739. Notes: All CVE users should reference CVE-2014-8739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-11T18:15Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8038", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8039", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8040", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8041", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8042", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8043", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8044", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8045", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8046", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8047", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8048", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8049", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8050", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8051", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8052", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8053", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8054", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8055", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8056", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8057", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8058", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8059", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8060", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8061", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8062", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8063", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8064", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8065", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8066", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8067", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8089", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://framework.zend.com/security/advisory/ZF2014-06", "name" : "http://framework.zend.com/security/advisory/ZF2014-06", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://framework.zend.com/security/advisory/ZF2014-06", "name" : "http://framework.zend.com/security/advisory/ZF2014-06", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q4/276", "name" : "http://seclists.org/oss-sec/2014/q4/276", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q4/276", "name" : "http://seclists.org/oss-sec/2014/q4/276", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70011", "name" : "70011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70011", "name" : "70011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151277", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151277", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151277", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151277", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.3.0", "versionEndExcluding" : "2.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.0", "versionEndExcluding" : "2.2.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8107", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-10022. Reason: This candidate is a reservation duplicate of CVE-2014-10022. Notes: All CVE users should reference CVE-2014-10022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-20T15:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8113", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-07T17:15Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8126", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0035.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-0035.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0035.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-0035.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0036.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-0036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0036.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-0036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169800", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169800", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169800", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169800", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://www-auth.cs.wisc.edu/lists/htcondor-users/2015-January/msg00034.shtml", "name" : "https://www-auth.cs.wisc.edu/lists/htcondor-users/2015-January/msg00034.shtml", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-auth.cs.wisc.edu/lists/htcondor-users/2015-January/msg00034.shtml", "name" : "https://www-auth.cs.wisc.edu/lists/htcondor-users/2015-January/msg00034.shtml", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wisc:htcondor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8128", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "http://openwall.com/lists/oss-security/2015/01/24/15", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "http://openwall.com/lists/oss-security/2015/01/24/15", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185812", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185812", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185812", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185812", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.4", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.10.4", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T03:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8129", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2487", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2488", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "APPLE-SA-2015-06-30-1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "APPLE-SA-2015-06-30-1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "APPLE-SA-2015-06-30-2", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "APPLE-SA-2015-06-30-2", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "name" : "RHSA-2016:1546", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "name" : "RHSA-2016:1546", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "name" : "RHSA-2016:1547", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "name" : "RHSA-2016:1547", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72352", "name" : "72352", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72352", "name" : "72352", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032760", "name" : "1032760", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032760", "name" : "1032760", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185815", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://security.gentoo.org/glsa/201701-16", "name" : "GLSA-201701-16", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201701-16", "name" : "GLSA-201701-16", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3273", "name" : "DSA-3273", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3273", "name" : "DSA-3273", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipad2:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipodtouch:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-12T02:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8130", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-369" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "APPLE-SA-2015-06-30-1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name" : "APPLE-SA-2015-06-30-1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "APPLE-SA-2015-06-30-2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "name" : "APPLE-SA-2015-06-30-2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/24/15", "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "name" : "RHSA-2016:1546", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "name" : "RHSA-2016:1546", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "name" : "RHSA-2016:1547", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "name" : "RHSA-2016:1547", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204941", "name" : "http://support.apple.com/kb/HT204941", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204942", "name" : "http://support.apple.com/kb/HT204942", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "name" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72353", "name" : "72353", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72353", "name" : "72353", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032760", "name" : "1032760", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032760", "name" : "1032760", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", "name" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", "name" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://security.gentoo.org/glsa/201701-16", "name" : "GLSA-201701-16", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201701-16", "name" : "GLSA-201701-16", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipodtouch:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipad2:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:iphone:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-12T02:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8139", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174844", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174844", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174844", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174844", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8140", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174851", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174851", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174851", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174851", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8141", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2014-011.html", "name" : "http://www.ocert.org/advisories/ocert-2014-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031433", "name" : "http://www.securitytracker.com/id/1031433", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2015:0700", "name" : "https://access.redhat.com/errata/RHSA-2015:0700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174856", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174856", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174856", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1174856", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T23:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8161", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-209" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.0", "versionEndExcluding" : "9.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3.0", "versionEndExcluding" : "9.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndExcluding" : "9.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8164", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151208", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151208", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151208", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151208", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8166", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/15", "name" : "[oss-security] 20150324 Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/15", "name" : "[oss-security] 20150324 Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/2", "name" : "[oss-security] 20150323 CVE-2014-8166 cups: code execution via unescape ANSI escape sequences", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/2", "name" : "[oss-security] 20150323 CVE-2014-8166 cups: code execution via unescape ANSI escape sequences", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/73300", "name" : "73300", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/73300", "name" : "73300", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084577", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084577", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084577", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084577", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8167", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-8167", "name" : "https://access.redhat.com/security/cve/cve-2014-8167", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-8167", "name" : "https://access.redhat.com/security/cve/cve-2014-8167", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8167", "name" : "Red Hat", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8167", "name" : "Red Hat", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:vdsclient:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtual_desktop_server_manager:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8171", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html", "name" : "RHSA-2015:0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html", "name" : "RHSA-2015:0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-2152.html", "name" : "RHSA-2015:2152", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-2152.html", "name" : "RHSA-2015:2152", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-2411.html", "name" : "RHSA-2015:2411", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-2411.html", "name" : "RHSA-2015:2411", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-0068.html", "name" : "RHSA-2016:0068", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-0068.html", "name" : "RHSA-2016:0068", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/74293", "name" : "74293", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74293", "name" : "74293", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T22:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8178", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "name" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "name" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "name" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "name" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.docker.com/legal/docker-cve-database", "name" : "https://www.docker.com/legal/docker-cve-database", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.docker.com/legal/docker-cve-database", "name" : "https://www.docker.com/legal/docker-cve-database", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:cs_engine:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.2-cs7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-17T14:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8179", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/", "name" : "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/", "refsource" : "", "tags" : [ "Not Applicable", "Vendor Advisory" ] }, { "url" : "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/", "name" : "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/", "refsource" : "", "tags" : [ "Not Applicable", "Vendor Advisory" ] }, { "url" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "name" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "name" : "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "name" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "name" : "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.docker.com/legal/docker-cve-database", "name" : "https://www.docker.com/legal/docker-cve-database", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.docker.com/legal/docker-cve-database", "name" : "https://www.docker.com/legal/docker-cve-database", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:cs_engine:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.2-cs7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-17T18:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8181", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-665" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335817", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335817", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335817", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335817", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8182", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-193" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2014-8182", "name" : "https://access.redhat.com/security/cve/cve-2014-8182", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2014-8182", "name" : "https://access.redhat.com/security/cve/cve-2014-8182", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8182", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8182", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8182", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8182", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-02T23:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8183", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "1.15.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-01T14:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8184", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8184", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8184", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8184", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8184", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/liblouis/liblouis/issues/425", "name" : "https://github.com/liblouis/liblouis/issues/425", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/liblouis/liblouis/issues/425", "name" : "https://github.com/liblouis/liblouis/issues/425", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:liblouis:liblouis:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5.0", "versionEndExcluding" : "2.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-02T13:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8185", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8186", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8187", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8188", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8189", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8190", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8191", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8192", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8193", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8194", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8195", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8196", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8197", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8198", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8199", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8200", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8201", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8202", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8203", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8204", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8205", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8206", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8207", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8208", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8209", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8210", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8211", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8212", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8213", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8214", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8215", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8216", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8217", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8218", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8219", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8220", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8221", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8222", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8223", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8224", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8225", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8226", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8227", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8228", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8229", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8230", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8231", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8232", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8233", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8234", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8235", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8236", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8237", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8238", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8239", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8271", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/p/edk2/code/16280/", "name" : "http://sourceforge.net/p/edk2/code/16280/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://sourceforge.net/p/edk2/code/16280/", "name" : "http://sourceforge.net/p/edk2/code/16280/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/533140", "name" : "http://www.kb.cert.org/vuls/id/533140", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/533140", "name" : "http://www.kb.cert.org/vuls/id/533140", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "svn_16280", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8276", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8277", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8278", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8279", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8280", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8281", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8282", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8283", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8284", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8285", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8286", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8287", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8288", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8289", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8290", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8291", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8292", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8321", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "name" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "refsource" : "", "tags" : [ "Product", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "name" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "refsource" : "", "tags" : [ "Product", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98458", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98458", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98458", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98458", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/", "name" : "https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/", "name" : "https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/pull/13", "name" : "https://github.com/aircrack-ng/aircrack-ng/pull/13", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/pull/13", "name" : "https://github.com/aircrack-ng/aircrack-ng/pull/13", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8322", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "name" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "refsource" : "", "tags" : [ "Product", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "name" : "http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html", "refsource" : "", "tags" : [ "Product", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35018", "name" : "http://www.exploit-db.com/exploits/35018", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35018", "name" : "http://www.exploit-db.com/exploits/35018", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98459", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98459", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98459", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98459", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b", "name" : "https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b", "name" : "https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/pull/14", "name" : "https://github.com/aircrack-ng/aircrack-ng/pull/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/aircrack-ng/aircrack-ng/pull/14", "name" : "https://github.com/aircrack-ng/aircrack-ng/pull/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aircrack-ng:aircrack-ng:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8328", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://typo3.org/extensions/repository/view/dce", "name" : "http://typo3.org/extensions/repository/view/dce", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://typo3.org/extensions/repository/view/dce", "name" : "http://typo3.org/extensions/repository/view/dce", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/", "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/", "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*", "versionStartIncluding" : "0.7.0", "versionEndIncluding" : "0.7.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*", "versionStartIncluding" : "0.8.0", "versionEndIncluding" : "0.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*", "versionStartIncluding" : "0.9.0", "versionEndIncluding" : "0.9.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*", "versionStartIncluding" : "0.10.0", "versionEndIncluding" : "0.10.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*", "versionStartIncluding" : "0.11.0", "versionEndExcluding" : "0.11.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-03T14:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8335", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html", "name" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html", "name" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/20/7", "name" : "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/20/7", "name" : "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97691", "name" : "dbmgr-wordpress-cve20148335-info-disc(97691)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97691", "name" : "dbmgr-wordpress-cve20148335-info-disc(97691)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "name" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "name" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8336", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/10/21/3", "name" : "[oss-security] 20141021 Re: Vulnerabilities in WordPress Database Manager v2.7.1", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/21/3", "name" : "[oss-security] 20141021 Re: Vulnerabilities in WordPress Database Manager v2.7.1", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97694", "name" : "dbmgr-wordpress-cve20148336-file-download(97694)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97694", "name" : "dbmgr-wordpress-cve20148336-file-download(97694)", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "name" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "name" : "https://wordpress.org/plugins/wp-dbmanager/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"Sql Run Query\" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8337", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html", "name" : "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html", "name" : "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23239", "name" : "https://www.htbridge.com/advisory/HTB23239", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23239", "name" : "https://www.htbridge.com/advisory/HTB23239", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:helpdezk:helpdezk:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-03T20:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html", "name" : "https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html", "name" : "https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/533921", "name" : "https://www.securityfocus.com/archive/1/533921", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/533921", "name" : "https://www.securityfocus.com/archive/1/533921", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videowhisper:webcam:7.x-1.7:*:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8347", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35077", "name" : "http://www.exploit-db.com/exploits/35077", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35077", "name" : "http://www.exploit-db.com/exploits/35077", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.openwall.net/bugtraq/2014/10/27/4", "name" : "https://lists.openwall.net/bugtraq/2014/10/27/4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://lists.openwall.net/bugtraq/2014/10/27/4", "name" : "https://lists.openwall.net/bugtraq/2014/10/27/4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/archive/1/533814", "name" : "https://www.securityfocus.com/archive/1/533814", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/533814", "name" : "https://www.securityfocus.com/archive/1/533814", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:claris:filemaker_pro:13.03:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:claris:filemaker_pro_advanced:12.0.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-11T14:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html", "name" : "http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Oct/57", "name" : "http://seclists.org/fulldisclosure/2015/Oct/57", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Oct/57", "name" : "http://seclists.org/fulldisclosure/2015/Oct/57", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/38453/", "name" : "https://www.exploit-db.com/exploits/38453/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38453/", "name" : "https://www.exploit-db.com/exploits/38453/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dasanzhone:znid_2426a_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "s3.0.501", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dasanzhone:znid_2426a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T22:15Z", "lastModifiedDate" : "2024-11-21T02:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8374", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8421", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 6.8, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8422", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-331" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8444", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8486", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8496. Reason: This candidate is a duplicate of CVE-2014-8496. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8496 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-29T22:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8490", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2014/Dec/83", "name" : "http://seclists.org/fulldisclosure/2014/Dec/83", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Dec/83", "name" : "http://seclists.org/fulldisclosure/2014/Dec/83", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/", "name" : "http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/", "name" : "http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tennisconnect:components:9.927:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-28T20:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8516", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/70895", "name" : "http://www.securityfocus.com/bid/70895", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70895", "name" : "http://www.securityfocus.com/bid/70895", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-372/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-372/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-372/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-372/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/129023", "name" : "https://packetstormsecurity.com/files/129023", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/129023", "name" : "https://packetstormsecurity.com/files/129023", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudfastpath:netcharts_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-03T21:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8540", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/2", "name" : "[oss-security] 20141031 Re: CVE request for GitLab groups API", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/2", "name" : "[oss-security] 20141031 Re: CVE request for GitLab groups API", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70841", "name" : "70841", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70841", "name" : "70841", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", "name" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", "name" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449", "name" : "gitlab-cve20148540-security-bypass(98449)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449", "name" : "gitlab-cve20148540-security-bypass(98449)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.9.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8561", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", "name" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", "name" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/1", "name" : "http://seclists.org/fulldisclosure/2014/Nov/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Nov/1", "name" : "http://seclists.org/fulldisclosure/2014/Nov/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/3", "name" : "http://www.openwall.com/lists/oss-security/2014/10/31/3", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/3", "name" : "http://www.openwall.com/lists/oss-security/2014/10/31/3", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-8561", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-8561", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-8561", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-8561", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8561", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8561", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8561", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8561", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "imagemagick 6.8.9.6 has remote DOS via infinite loop" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:6.8.9-6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8563", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=96105", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=96105", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=96105", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=96105", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8565", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8518. Reason: This candidate is a duplicate of CVE-2014-8518. Notes: All CVE users should reference CVE-2014-8518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-11-15T21:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8573", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8574", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8575", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8576", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8579", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://hackingcomtapioca.blogspot.com.br/2014/10/hacking-trendnet-tew-823dru.html", "name" : "http://hackingcomtapioca.blogspot.com.br/2014/10/hacking-trendnet-tew-823dru.html", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://hackingcomtapioca.blogspot.com.br/2014/10/hacking-trendnet-tew-823dru.html", "name" : "http://hackingcomtapioca.blogspot.com.br/2014/10/hacking-trendnet-tew-823dru.html", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:trendnet:tew-823dru_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.00b30", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:trendnet:tew-823dru:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8597", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.xlabs.com.br/blog/cve-2014-8597-php-fusion-xss-injection-reflected/", "name" : "https://www.xlabs.com.br/blog/cve-2014-8597-php-fusion-xss-injection-reflected/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.xlabs.com.br/blog/cve-2014-8597-php-fusion-xss-injection-reflected/", "name" : "https://www.xlabs.com.br/blog/cve-2014-8597-php-fusion-xss-injection-reflected/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php-fusion:phpfusion:7.02.07:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-02-17T20:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8614", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-09T01:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8615", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-09T01:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8645", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8646", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8647", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8648", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8649", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8650", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/11/07/1", "name" : "http://www.openwall.com/lists/oss-security/2014/11/07/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/07/1", "name" : "http://www.openwall.com/lists/oss-security/2014/11/07/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/70909", "name" : "http://www.securityfocus.com/bid/70909", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70909", "name" : "http://www.securityfocus.com/bid/70909", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8650", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8650", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8650", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8650", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8650", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8650", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2014-8650", "name" : "https://security-tracker.debian.org/tracker/CVE-2014-8650", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "python-requests-Kerberos through 0.5 does not handle mutual authentication" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:requests-kerberos_project:requests-kerberos:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-15T22:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8673", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/44", "name" : "http://seclists.org/fulldisclosure/2015/Jul/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/44", "name" : "http://seclists.org/fulldisclosure/2015/Jul/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75726", "name" : "http://www.securityfocus.com/bid/75726", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75726", "name" : "http://www.securityfocus.com/bid/75726", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37604/", "name" : "https://www.exploit-db.com/exploits/37604/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37604/", "name" : "https://www.exploit-db.com/exploits/37604/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.32", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-07T18:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8674", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/44", "name" : "http://seclists.org/fulldisclosure/2015/Jul/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/44", "name" : "http://seclists.org/fulldisclosure/2015/Jul/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75726", "name" : "http://www.securityfocus.com/bid/75726", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75726", "name" : "http://www.securityfocus.com/bid/75726", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37604/", "name" : "https://www.exploit-db.com/exploits/37604/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37604/", "name" : "https://www.exploit-db.com/exploits/37604/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-06T22:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8739", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://osvdb.org/show/osvdb/113669", "name" : "http://osvdb.org/show/osvdb/113669", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://osvdb.org/show/osvdb/113669", "name" : "http://osvdb.org/show/osvdb/113669", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://osvdb.org/show/osvdb/113673", "name" : "http://osvdb.org/show/osvdb/113673", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://osvdb.org/show/osvdb/113673", "name" : "http://osvdb.org/show/osvdb/113673", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/11/4", "name" : "http://www.openwall.com/lists/oss-security/2014/11/11/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/11/4", "name" : "http://www.openwall.com/lists/oss-security/2014/11/11/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/11/5", "name" : "http://www.openwall.com/lists/oss-security/2014/11/11/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/11/5", "name" : "http://www.openwall.com/lists/oss-security/2014/11/11/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/13/3", "name" : "http://www.openwall.com/lists/oss-security/2014/11/13/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/11/13/3", "name" : "http://www.openwall.com/lists/oss-security/2014/11/13/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/sexy-contact-form/changelog/", "name" : "https://wordpress.org/plugins/sexy-contact-form/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/sexy-contact-form/changelog/", "name" : "https://wordpress.org/plugins/sexy-contact-form/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/35057/", "name" : "https://www.exploit-db.com/exploits/35057/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/35057/", "name" : "https://www.exploit-db.com/exploits/35057/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36811/", "name" : "https://www.exploit-db.com/exploits/36811/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36811/", "name" : "https://www.exploit-db.com/exploits/36811/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:6.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:creative-solutions:creative_contact_form:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "2.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:creative-solutions:creative_contact_form:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T18:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8741", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.lexmark.com/index?page=content&id=TE666", "name" : "http://support.lexmark.com/index?page=content&id=TE666", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.lexmark.com/index?page=content&id=TE666", "name" : "http://support.lexmark.com/index?page=content&id=TE666", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lexmark:markvision_enterprise:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8742", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.lexmark.com/index?page=content&id=TE666", "name" : "http://support.lexmark.com/index?page=content&id=TE666", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://support.lexmark.com/index?page=content&id=TE666", "name" : "http://support.lexmark.com/index?page=content&id=TE666", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lexmark:markvision_enterprise:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8780", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/534272/100/0/threaded", "name" : "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/534272/100/0/threaded", "name" : "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=1373", "name" : "https://www.vulnerability-lab.com/get_content.php?id=1373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=1373", "name" : "https://www.vulnerability-lab.com/get_content.php?id=1373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jease:jease:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-07T15:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8818", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8841", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8842", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8843", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8844", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8845", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8846", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8847", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8848", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8849", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8850", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8851", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8852", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8853", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8854", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8855", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8856", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8857", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8858", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8859", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8860", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8861", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8862", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8863", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8864", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8865", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8888", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", "name" : "dlink-dir815-cve20148888-command-exec(110755)", "refsource" : "", "tags" : [ "Technical Description", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", "name" : "dlink-dir815-cve20148888-command-exec(110755)", "refsource" : "", "tags" : [ "Technical Description", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:2.03.b02:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8928", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8929", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8931", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8932", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8933", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8934", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8935", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8936", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8937", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8938", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8939", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8940", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8941", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8942", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8943", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8944", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8945", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "name" : "https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:piwigo:lexiglot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2014-11-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8968", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8969", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8970", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8971", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8972", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8973", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8974", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8975", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8976", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8977", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8978", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8979", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8980", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8981", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8982", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8983", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8984", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-8985", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/70937", "name" : "70937", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/70937", "name" : "70937", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051", "name" : "MS14-051", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051", "name" : "MS14-051", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9013", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/36490/", "name" : "https://www.exploit-db.com/exploits/36490/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36490/", "name" : "https://www.exploit-db.com/exploits/36490/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmarketplace_project:wpmarketplace:2.4.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9014", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html", "name" : "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html", "name" : "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/36466/", "name" : "https://www.exploit-db.com/exploits/36466/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36466/", "name" : "https://www.exploit-db.com/exploits/36466/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmarketplace_project:wpmarketplace:2.4.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9126", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "name" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "name" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-school:open-school:2.2:*:*:*:community:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9127", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "name" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "name" : "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-school:open-school:2.2:*:*:*:community:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9167", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9168", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9169", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9170", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9171", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9172", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9186", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r400", "versionEndExcluding" : "r400.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r410", "versionEndExcluding" : "r410.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r430", "versionEndExcluding" : "r430.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-08T16:29Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9187", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r400", "versionEndExcluding" : "r400.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r410", "versionEndExcluding" : "r410.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r430", "versionEndExcluding" : "r430.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T20:29Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9189", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r400", "versionEndExcluding" : "r400.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r410", "versionEndExcluding" : "r410.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r430", "versionEndExcluding" : "r430.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T20:29Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9210", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9211", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/65971", "name" : "http://www.securityfocus.com/bid/65971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/65971", "name" : "http://www.securityfocus.com/bid/65971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/author/11084/", "name" : "https://packetstormsecurity.com/files/author/11084/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/author/11084/", "name" : "https://packetstormsecurity.com/files/author/11084/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClickDesk version 4.3 and below has persistent cross site scripting" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clickdesk:clickdesk:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T14:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9231", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9232", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9233", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9244", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9246", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-9385 and CVE-2014-9386 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2014-12-15T18:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9285", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9286", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9287", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9288", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9289", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9290", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9291", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9297", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-10-06T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-10-06T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9299", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8870. Reason: This candidate is a duplicate of CVE-2015-8870. The CVE-2014-9299 ID originated from an unrelated and invalid assignment, and this ID was inadvertently used for the CVE-2015-8870 issue. Notes: All CVE users should reference CVE-2015-8870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-12-06T18:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9320", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Dec/60", "name" : "http://seclists.org/fulldisclosure/2014/Dec/60", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2014/Dec/60", "name" : "http://seclists.org/fulldisclosure/2014/Dec/60", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba", "name" : "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba", "name" : "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded", "name" : "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded", "name" : "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:businessobjects_edge:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-08-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1172761", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1172761", "refsource" : "MISC", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded", "name" : "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded", "name" : "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:C/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "PARTIAL", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9382", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/1", "name" : "http://seclists.org/fulldisclosure/2015/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/1", "name" : "http://seclists.org/fulldisclosure/2015/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/74936", "name" : "http://www.securityfocus.com/bid/74936", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74936", "name" : "http://www.securityfocus.com/bid/74936", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:free:freebox_os:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-13T14:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://article.gmane.org/gmane.linux.kernel/1853266", "name" : "http://article.gmane.org/gmane.linux.kernel/1853266", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://article.gmane.org/gmane.linux.kernel/1853266", "name" : "http://article.gmane.org/gmane.linux.kernel/1853266", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "name" : "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "name" : "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://mercurial.selenic.com/wiki/WhatsNew", "name" : "http://mercurial.selenic.com/wiki/WhatsNew", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://mercurial.selenic.com/wiki/WhatsNew", "name" : "http://mercurial.selenic.com/wiki/WhatsNew", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://securitytracker.com/id?1031404", "name" : "http://securitytracker.com/id?1031404", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://securitytracker.com/id?1031404", "name" : "http://securitytracker.com/id?1031404", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://support.apple.com/kb/HT204147", "name" : "http://support.apple.com/kb/HT204147", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.apple.com/kb/HT204147", "name" : "http://support.apple.com/kb/HT204147", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/blog/1938-git-client-vulnerability-announced", "name" : "https://github.com/blog/1938-git-client-vulnerability-announced", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/blog/1938-git-client-vulnerability-announced", "name" : "https://github.com/blog/1938-git-client-vulnerability-announced", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "name" : "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "name" : "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://libgit2.org/security/", "name" : "https://libgit2.org/security/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://libgit2.org/security/", "name" : "https://libgit2.org/security/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://news.ycombinator.com/item?id=8769667", "name" : "https://news.ycombinator.com/item?id=8769667", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://news.ycombinator.com/item?id=8769667", "name" : "https://news.ycombinator.com/item?id=8769667", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.5.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.9.0", "versionEndExcluding" : "1.9.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1.0", "versionEndExcluding" : "2.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.0", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:xcode:6.2:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:egit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "08-12-2014", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.21.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.5.0", "versionEndExcluding" : "3.5.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T02:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9404", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5005. Reason: This candidate is a reservation duplicate of CVE-2014-5005. Notes: All CVE users should reference CVE-2014-5005 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-17T19:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9405", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/1", "name" : "http://seclists.org/fulldisclosure/2015/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/1", "name" : "http://seclists.org/fulldisclosure/2015/Jun/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/535660/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/535660/100/0/threaded", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/535660/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/535660/100/0/threaded", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74936", "name" : "http://www.securityfocus.com/bid/74936", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74936", "name" : "http://www.securityfocus.com/bid/74936", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:free:freebox_os:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-06T22:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Jan/38", "name" : "http://seclists.org/fulldisclosure/2015/Jan/38", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jan/38", "name" : "http://seclists.org/fulldisclosure/2015/Jan/38", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.fork-cms.com/blog/detail/fork-3.8.4-released", "name" : "http://www.fork-cms.com/blog/detail/fork-3.8.4-released", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.fork-cms.com/blog/detail/fork-3.8.4-released", "name" : "http://www.fork-cms.com/blog/detail/fork-3.8.4-released", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html", "name" : "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html", "name" : "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/72017", "name" : "http://www.securityfocus.com/bid/72017", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72017", "name" : "http://www.securityfocus.com/bid/72017", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114", "name" : "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114", "name" : "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/forkcms/forkcms/issues/1018s", "name" : "https://github.com/forkcms/forkcms/issues/1018s", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/forkcms/forkcms/issues/1018s", "name" : "https://github.com/forkcms/forkcms/issues/1018s", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fork-cms:fork_cms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9481", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/12/21/2", "name" : "http://www.openwall.com/lists/oss-security/2014/12/21/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/12/21/2", "name" : "http://www.openwall.com/lists/oss-security/2014/12/21/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13", "name" : "http://www.openwall.com/lists/oss-security/2015/01/03/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13", "name" : "http://www.openwall.com/lists/oss-security/2015/01/03/13", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", "name" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", "name" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T73167", "name" : "https://phabricator.wikimedia.org/T73167", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T73167", "name" : "https://phabricator.wikimedia.org/T73167", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.9", "versionEndExcluding" : "1.24.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndExcluding" : "1.23.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.19.24", "versionEndExcluding" : "1.22.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9482", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/12/31/3", "name" : "[oss-security] 20141231 CVE Request, Use after free vulnerability in Dwarfdump", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/12/31/3", "name" : "[oss-security] 20141231 CVE Request, Use after free vulnerability in Dwarfdump", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/14", "name" : "[oss-security] 20150103 Re: CVE Request, Use after free vulnerability in Dwarfdump", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/14", "name" : "[oss-security] 20150103 Re: CVE Request, Use after free vulnerability in Dwarfdump", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/71839", "name" : "71839", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/71839", "name" : "71839", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1178725", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1178725", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1178725", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1178725", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2013-01-26", "versionEndIncluding" : "2014-08-05", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9485", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2014/12/31/11", "name" : "[oss-security] 20141231 cve request: miniunzip directory traversal", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/12/31/11", "name" : "[oss-security] 20141231 cve request: miniunzip directory traversal", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/16", "name" : "[oss-security] 20150103 Re: cve request: miniunzip directory traversal", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/16", "name" : "[oss-security] 20150103 Re: cve request: miniunzip directory traversal", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/01/24/10", "name" : "[oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/01/24/10", "name" : "[oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/71846", "name" : "71846", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/71846", "name" : "71846", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774321", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774321", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774321", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774321", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:minizip_project:minizip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1-4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9486", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9447. Reason: This candidate is a duplicate of CVE-2014-9447. Notes: All CVE users should reference CVE-2014-9447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-07T15:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9492", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9323. Reason: This candidate is a reservation duplicate of CVE-2014-9323. Notes: All CVE users should reference CVE-2014-9323 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-05T18:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9502", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99655", "name" : "openatrium-drupal-cve20149502-csrf(99655)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99655", "name" : "openatrium-drupal-cve20149502-csrf(99655)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:*:*:*:*:*:drupal:*:*", "versionStartIncluding" : "7.x-2.0", "versionEndExcluding" : "7.x-2.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha5:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:rc1:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9503", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99656", "name" : "openatrium-drupal-cve20149503-sec-bypass(99656)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99656", "name" : "openatrium-drupal-cve20149503-sec-bypass(99656)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with \"access content\" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:*:*:*:*:*:drupal:*:*", "versionStartIncluding" : "7.x-2.0", "versionEndExcluding" : "7.x-2.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha5:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:rc1:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9504", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6", "name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99657", "name" : "openatrium-drupal-cve20149504-sec-bypass(99657)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99657", "name" : "openatrium-drupal-cve20149504-sec-bypass(99657)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2394979", "name" : "https://www.drupal.org/node/2394979", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/2395045", "name" : "https://www.drupal.org/node/2395045", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:*:*:*:*:*:drupal:*:*", "versionStartIncluding" : "7.x-2.0", "versionEndExcluding" : "7.x-2.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha5:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta1:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta2:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta3:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta4:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:rc1:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9530", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md", "name" : "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md", "name" : "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nwjs:nw:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "0.11.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T15:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9563", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-93" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r3.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9588", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9589", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9590", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9591", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9592", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9606", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndExcluding" : "4.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1.0", "versionEndExcluding" : "4.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9607", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9608", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndExcluding" : "4.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1.0", "versionEndExcluding" : "4.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9609", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndExcluding" : "4.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1.0", "versionEndExcluding" : "4.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9612", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndExcluding" : "4.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1.0", "versionEndExcluding" : "4.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9613", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.29.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9614", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9615", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T20:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9617", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T21:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9625", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", "name" : "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", "name" : "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9626", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9627", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-704" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9628", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "name" : "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9629", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", "name" : "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", "name" : "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Third Party Advisory", "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Third Party Advisory", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.0", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9630", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/01/20/5", "name" : "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", "name" : "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", "name" : "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.videolan.org/security/sa1501.html", "name" : "https://www.videolan.org/security/sa1501.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9681", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-04-23T23:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9699", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://secur3.us/index.php/vulnerabilities/", "name" : "https://secur3.us/index.php/vulnerabilities/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://secur3.us/index.php/vulnerabilities/", "name" : "https://secur3.us/index.php/vulnerabilities/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://support.makerbot.com/learn/makerbot-desktop-software/release-notes/makerbot-desktop-release-notes_13520", "name" : "https://support.makerbot.com/learn/makerbot-desktop-software/release-notes/makerbot-desktop-release-notes_13520", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://support.makerbot.com/learn/makerbot-desktop-software/release-notes/makerbot-desktop-release-notes_13520", "name" : "https://support.makerbot.com/learn/makerbot-desktop-software/release-notes/makerbot-desktop-release-notes_13520", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:makerbot:replicator_5th_generation_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:makerbot:replicator_5th_generation:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-24T21:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9702", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html", "name" : "https://www.justanotherhacker.com/2016/09/jahx161_-_cmfive_database_credential_disclosure.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:2pisoftware:cmfive:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2015-03-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-06-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9720", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/05/19/4", "name" : "http://openwall.com/lists/oss-security/2015/05/19/4", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/05/19/4", "name" : "http://openwall.com/lists/oss-security/2015/05/19/4", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", "name" : "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", "name" : "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.novell.com/show_bug.cgi?id=930362", "name" : "https://bugzilla.novell.com/show_bug.cgi?id=930362", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.novell.com/show_bug.cgi?id=930362", "name" : "https://bugzilla.novell.com/show_bug.cgi?id=930362", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", "name" : "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", "name" : "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9748", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/libuv/libuv/issues/515", "name" : "https://github.com/libuv/libuv/issues/515", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/libuv/libuv/issues/515", "name" : "https://github.com/libuv/libuv/issues/515", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/libuv/libuv/pull/516", "name" : "https://github.com/libuv/libuv/pull/516", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/libuv/libuv/pull/516", "name" : "https://github.com/libuv/libuv/pull/516", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/nodejs/node/pull/2723", "name" : "https://github.com/nodejs/node/pull/2723", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/nodejs/node/pull/2723", "name" : "https://github.com/nodejs/node/pull/2723", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ", "name" : "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ", "name" : "https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8", "name" : "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8", "name" : "https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libuv:libuv:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.12.0", "versionEndExcluding" : "0.12.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.10.0", "versionEndExcluding" : "0.10.46", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-11T17:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9753", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://karmainsecurity.com/KIS-2015-06", "name" : "http://karmainsecurity.com/KIS-2015-06", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2015-06", "name" : "http://karmainsecurity.com/KIS-2015-06", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/11", "name" : "http://seclists.org/fulldisclosure/2015/Nov/11", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/11", "name" : "http://seclists.org/fulldisclosure/2015/Nov/11", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml", "name" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml", "name" : "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d", "name" : "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d", "name" : "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-11T18:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9791", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0196. Reason: This candidate is a reservation duplicate of CVE-2014-0196. Notes: All CVE users should reference CVE-2014-0196 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-07-11T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9794", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-07-11T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9797", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0974. Reason: This candidate is a reservation duplicate of CVE-2014-0974. Notes: All CVE users should reference CVE-2014-0974 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-07-11T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9908", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/94167", "name" : "http://www.securityfocus.com/bid/94167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/94167", "name" : "http://www.securityfocus.com/bid/94167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2", "name" : "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2", "name" : "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2016-11-01.html", "name" : "https://source.android.com/security/bulletin/2016-11-01.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2016-11-01.html", "name" : "https://source.android.com/security/bulletin/2016-11-01.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.93449", "name" : "https://vuldb.com/?id.93449", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.93449", "name" : "https://vuldb.com/?id.93449", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-08T15:15Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9917", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bilboplanet:bilboplanet:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-15T14:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9918", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bilboplanet:bilboplanet:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-15T14:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9919", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/34089/", "name" : "34089", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bilboplanet:bilboplanet:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-15T14:29Z", "lastModifiedDate" : "2024-11-21T02:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9953", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9954", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9955", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9956", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9957", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9958", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9959", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9982", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-08-30T15:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9985", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-388" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9986", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in playready_licacq_process_response(), 'cbResponse' value is controlled by HLOS, and there is no validation on this length. If 'cbResponse' is too large, memory overread occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9987", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, a buffer over-read can occur in a DRM API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9988", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear SD 820A, IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 450, and SD 850, lack of input validation for message length causes buffer over read in drm_app_encapsulate_save_keys." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9989", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9990", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9991", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9992", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-08-30T15:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9993", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 450, and SD 850, buffer overread vulnerability may occur while provisioning a content with a large message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9994", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9995", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9996", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9997", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 625, SD 650/52, SD 808, and SD 810, lack of input validation in PRDiagMaintenanceHandler can leads to buffer over read." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9998", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9378_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9378:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9558_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9558:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9880:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9886:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-9999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-99999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2014-999999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-01-13T11:59Z", "lastModifiedDate" : "2023-11-07T02:22Z" } ] }