{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "1581", "CVE_data_timestamp" : "2025-07-20T07:00Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0007", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0013", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0024", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0033", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0034", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0047", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0082", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0083", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0102", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/74220", "name" : "http://www.securityfocus.com/bid/74220", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74220", "name" : "http://www.securityfocus.com/bid/74220", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694941", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694941", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694941", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694941", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/", "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:workflow:-:*:*:*:*:bluemix:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0150", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", "name" : "dlink-dir815-cve20150150-sec-bypass(110583)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", "name" : "dlink-dir815-cve20150150-sec-bypass(110583)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.07.b01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0151", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", "name" : "dlink-dir815-cve20150151-csrf(110584)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", "name" : "dlink-dir815-cve20150151-csrf(110584)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.07.b01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0152", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", "name" : "dlink-dir815-cve20150152-info-disc(110585)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", "name" : "dlink-dir815-cve20150152-info-disc(110585)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.07.b01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0153", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-320" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", "name" : "dlink-dir815-cve20150153-info-disc(110586)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", "name" : "dlink-dir815-cve20150153-info-disc(110586)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.07.b01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T21:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0154", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0155", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0159", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3570. Reason: This candidate is a reservation duplicate of CVE-2014-3570. Notes: All CVE users should reference CVE-2014-3570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-03-25T01:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0163", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0164", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-09-15T15:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0165", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-09-15T15:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0166", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-09-15T15:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0172", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0191", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0191. Reason: This candidate is a duplicate of CVE-2014-0191. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0191 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-30T19:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0203", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-19" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/72030", "name" : "72030", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72030", "name" : "72030", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHBA-2016:1500", "name" : "RHBA-2016:1500", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHBA-2016:1500", "name" : "RHBA-2016:1500", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/QPID-6310", "name" : "https://issues.apache.org/jira/browse/QPID-6310", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/QPID-6310", "name" : "https://issues.apache.org/jira/browse/QPID-6310", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T15:29Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0229", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-02-04T18:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0230", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-09T16:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0241", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.0", "versionEndExcluding" : "9.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3.0", "versionEndExcluding" : "9.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndExcluding" : "9.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0242", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.0", "versionEndExcluding" : "9.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3.0", "versionEndExcluding" : "9.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndExcluding" : "9.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0243", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.0", "versionEndExcluding" : "9.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3.0", "versionEndExcluding" : "9.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndExcluding" : "9.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0244", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3155", "name" : "http://www.debian.org/security/2015/dsa-3155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1569/", "name" : "http://www.postgresql.org/about/news/1569/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "name" : "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.0", "versionEndExcluding" : "9.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3.0", "versionEndExcluding" : "9.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndExcluding" : "9.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0246", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1493. Reason: This candidate is a reservation duplicate of CVE-2015-1493. Notes: All CVE users should reference CVE-2015-1493 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-09T15:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0256", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0258", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html", "name" : "http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html", "name" : "http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335", "name" : "https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335", "name" : "https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html", "name" : "[debian-lts-announce] 20200228 [SECURITY] [DLA 2125-1] collabtive security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html", "name" : "[debian-lts-announce] 20200228 [SECURITY] [DLA 2125-1] collabtive security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4590-1/", "name" : "USN-4590-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4590-1/", "name" : "USN-4590-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:o-dyn:collabtive:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T18:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0262", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-02-21T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0270", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://framework.zend.com/security/advisory/ZF2015-02", "name" : "https://framework.zend.com/security/advisory/ZF2015-02", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://framework.zend.com/security/advisory/ZF2015-02", "name" : "https://framework.zend.com/security/advisory/ZF2015-02", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\\Db adapter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.3.0", "versionEndExcluding" : "2.3.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:framework:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-25T15:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0280", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0281", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0294", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3191", "name" : "http://www.debian.org/security/2015/dsa-3191", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3191", "name" : "http://www.debian.org/security/2015/dsa-3191", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", "name" : "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", "name" : "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0300", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0442", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0454", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0481", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0520", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0539", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0558", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-311" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", "name" : "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", "name" : "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35721", "name" : "http://www.exploit-db.com/exploits/35721", "refsource" : "", "tags" : [ "Not Applicable", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/35721", "name" : "http://www.exploit-db.com/exploits/35721", "refsource" : "", "tags" : [ "Not Applicable", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses \"1236790\" and the MAC address to generate the WPA key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:adbglobal:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:adbglobal:p.dga4001n:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T17:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0565", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html", "name" : "https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html", "name" : "https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.exploit-db.com/exploits/36310/", "name" : "https://www.exploit-db.com/exploits/36310/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36310/", "name" : "https://www.exploit-db.com/exploits/36310/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36311/", "name" : "https://www.exploit-db.com/exploits/36311/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36311/", "name" : "https://www.exploit-db.com/exploits/36311/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:native_client:2015:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 10.0, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-25T20:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0749", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.5\\(2.10000.5\\)", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T03:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0788", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0789", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0790", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0791", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0792", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0793", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0796", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=941099", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=941099", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=941099", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=941099", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", "name" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", "name" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opensuse:open_buildservice:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.4", "versionEndExcluding" : "2.4.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opensuse:open_buildservice:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5", "versionEndExcluding" : "2.5.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opensuse:open_buildservice:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.6", "versionEndExcluding" : "2.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T20:29Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0837", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3185", "name" : "http://www.debian.org/security/2015/dsa-3185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3185", "name" : "http://www.debian.org/security/2015/dsa-3185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ieeexplore.ieee.org/document/7163050", "name" : "https://ieeexplore.ieee.org/document/7163050", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ieeexplore.ieee.org/document/7163050", "name" : "https://ieeexplore.ieee.org/document/7163050", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-29T22:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0841", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-193" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://gtkatlantic.gradator.net/oldnews.html", "name" : "http://gtkatlantic.gradator.net/oldnews.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://gtkatlantic.gradator.net/oldnews.html", "name" : "http://gtkatlantic.gradator.net/oldnews.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/23/20", "name" : "http://www.openwall.com/lists/oss-security/2015/03/23/20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/23/20", "name" : "http://www.openwall.com/lists/oss-security/2015/03/23/20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201507-12", "name" : "https://security.gentoo.org/glsa/201507-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201507-12", "name" : "https://security.gentoo.org/glsa/201507-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monopd_project:monopd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.9.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0842", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.include.gr/debian/yubiserver/#changelog", "name" : "http://www.include.gr/debian/yubiserver/#changelog", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.debian.org/796495", "name" : "https://bugs.debian.org/796495", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-06-26T22:15Z", "lastModifiedDate" : "2025-06-27T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0843", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.include.gr/debian/yubiserver/#changelog", "name" : "http://www.include.gr/debian/yubiserver/#changelog", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.debian.org/796495", "name" : "https://bugs.debian.org/796495", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-06-26T22:15Z", "lastModifiedDate" : "2025-06-27T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0849", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.debian.org/790365", "name" : "https://bugs.debian.org/790365", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-06-26T22:15Z", "lastModifiedDate" : "2025-07-02T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0872", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0897", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-924" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://official-blog.line.me/ja/archives/24809761.html", "name" : "http://official-blog.line.me/ja/archives/24809761.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://official-blog.line.me/ja/archives/24809761.html", "name" : "http://official-blog.line.me/ja/archives/24809761.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN41281927/", "name" : "https://jvn.jp/en/jp/JVN41281927/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN41281927/", "name" : "https://jvn.jp/en/jp/JVN41281927/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:line:line:*:*:*:*:*:android:*:*", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:line:line:*:*:*:*:*:iphone_os:*:*", "versionEndIncluding" : "5.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2023-10-31T10:15Z", "lastModifiedDate" : "2024-11-21T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0942", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CVE users should reference CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, and CVE-2015-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-31T14:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0949", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/631788", "name" : "http://www.kb.cert.org/vuls/id/631788", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/631788", "name" : "http://www.kb.cert.org/vuls/id/631788", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_e6430_firmware:a09:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_e6430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:elitebook_850_g1_firmware:01.09:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:hp:elitebook_850_g1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-30T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0955", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-06-27T20:29Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-0983", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10001", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734", "name" : "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734", "name" : "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/06/17/6", "name" : "https://www.openwall.com/lists/oss-security/2015/06/17/6", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/06/17/6", "name" : "https://www.openwall.com/lists/oss-security/2015/06/17/6", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-stats_project:wp-stats:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.52", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-11-01T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10002", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.118359", "name" : "https://vuldb.com/?id.118359", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.118359", "name" : "https://vuldb.com/?id.118359", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kiddoware:kids_place:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-03-28T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10003", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-610" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory", "name" : "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory", "refsource" : "", "tags" : [ "Patch", "Technical Description", "Third Party Advisory" ] }, { "url" : "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory", "name" : "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory", "refsource" : "", "tags" : [ "Patch", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.97203", "name" : "https://vuldb.com/?id.97203", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.97203", "name" : "https://vuldb.com/?id.97203", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.9.51", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2022-07-17T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10004", "ASSIGNER" : "security@golang.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654", "name" : "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654", "name" : "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/robbert229/jwt/issues/12", "name" : "https://github.com/robbert229/jwt/issues/12", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/robbert229/jwt/issues/12", "name" : "https://github.com/robbert229/jwt/issues/12", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://pkg.go.dev/vuln/GO-2020-0023", "name" : "https://pkg.go.dev/vuln/GO-2020-0023", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://pkg.go.dev/vuln/GO-2020-0023", "name" : "https://pkg.go.dev/vuln/GO-2020-0023", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:json_web_token_project:json_web_token:-:*:*:*:*:go:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2022-12-27T22:15Z", "lastModifiedDate" : "2025-04-11T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10005", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d", "name" : "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d", "name" : "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0", "name" : "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0", "name" : "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.216852", "name" : "https://vuldb.com/?ctiid.216852", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.216852", "name" : "https://vuldb.com/?ctiid.216852", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.216852", "name" : "https://vuldb.com/?id.216852", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.216852", "name" : "https://vuldb.com/?id.216852", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:markdown-it_project:markdown-it:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2022-12-27T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10006", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2", "name" : "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2", "name" : "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217172", "name" : "https://vuldb.com/?ctiid.217172", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217172", "name" : "https://vuldb.com/?ctiid.217172", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217172", "name" : "https://vuldb.com/?id.217172", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217172", "name" : "https://vuldb.com/?id.217172", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ingnovarq_project:ingnovarq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-04", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-01T17:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10007", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "name" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "name" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217184", "name" : "https://vuldb.com/?ctiid.217184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217184", "name" : "https://vuldb.com/?ctiid.217184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217184", "name" : "https://vuldb.com/?id.217184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217184", "name" : "https://vuldb.com/?id.217184", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weipdcrm_project:weipdcrm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-02T11:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10008", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "name" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "name" : "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217185", "name" : "https://vuldb.com/?ctiid.217185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217185", "name" : "https://vuldb.com/?ctiid.217185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217185", "name" : "https://vuldb.com/?id.217185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217185", "name" : "https://vuldb.com/?id.217185", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weipdcrm_project:weipdcrm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T11:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10009", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99", "name" : "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99", "name" : "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1", "name" : "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1", "name" : "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217187", "name" : "https://vuldb.com/?ctiid.217187", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217187", "name" : "https://vuldb.com/?ctiid.217187", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217187", "name" : "https://vuldb.com/?id.217187", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217187", "name" : "https://vuldb.com/?id.217187", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The patch is named fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nonfiction:nterchange:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10010", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd", "name" : "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd", "name" : "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217196", "name" : "https://vuldb.com/?ctiid.217196", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217196", "name" : "https://vuldb.com/?ctiid.217196", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217196", "name" : "https://vuldb.com/?id.217196", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217196", "name" : "https://vuldb.com/?id.217196", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:openresolve:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-08-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-02T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10011", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311", "name" : "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311", "name" : "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217197", "name" : "https://vuldb.com/?ctiid.217197", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217197", "name" : "https://vuldb.com/?ctiid.217197", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217197", "name" : "https://vuldb.com/?id.217197", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217197", "name" : "https://vuldb.com/?id.217197", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:openresolve:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-08-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-02T22:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10012", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "name" : "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "name" : "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "name" : "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "name" : "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217268", "name" : "https://vuldb.com/?ctiid.217268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217268", "name" : "https://vuldb.com/?ctiid.217268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217268", "name" : "https://vuldb.com/?id.217268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217268", "name" : "https://vuldb.com/?id.217268", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sumocoders:frameworkuserbundle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-03T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10013", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099", "name" : "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099", "name" : "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4", "name" : "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4", "name" : "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217446", "name" : "https://vuldb.com/?ctiid.217446", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217446", "name" : "https://vuldb.com/?ctiid.217446", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217446", "name" : "https://vuldb.com/?id.217446", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217446", "name" : "https://vuldb.com/?id.217446", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webdevstudios:taxonomy_switcher:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-05T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10014", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f", "name" : "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f", "name" : "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217485", "name" : "https://vuldb.com/?ctiid.217485", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217485", "name" : "https://vuldb.com/?ctiid.217485", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217485", "name" : "https://vuldb.com/?id.217485", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217485", "name" : "https://vuldb.com/?id.217485", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:uke_project:uke:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-11-17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T14:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10015", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01", "name" : "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01", "name" : "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/glidernet/ogn-live/pull/11", "name" : "https://github.com/glidernet/ogn-live/pull/11", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/glidernet/ogn-live/pull/11", "name" : "https://github.com/glidernet/ogn-live/pull/11", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217487", "name" : "https://vuldb.com/?ctiid.217487", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217487", "name" : "https://vuldb.com/?ctiid.217487", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217487", "name" : "https://vuldb.com/?id.217487", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217487", "name" : "https://vuldb.com/?id.217487", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:glidernet:ogn-live:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-07", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-05T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10016", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e", "name" : "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e", "name" : "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217550", "name" : "https://vuldb.com/?ctiid.217550", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217550", "name" : "https://vuldb.com/?ctiid.217550", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217550", "name" : "https://vuldb.com/?id.217550", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217550", "name" : "https://vuldb.com/?id.217550", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The patch is identified as c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opensim-utils_project:opensim-utils:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12-14-2015", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10017", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73", "name" : "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73", "name" : "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217552", "name" : "https://vuldb.com/?ctiid.217552", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217552", "name" : "https://vuldb.com/?ctiid.217552", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217552", "name" : "https://vuldb.com/?id.217552", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217552", "name" : "https://vuldb.com/?id.217552", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hpi:prolod:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7-6-2015", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T11:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10018", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574", "name" : "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574", "name" : "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0", "name" : "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0", "name" : "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217561", "name" : "https://vuldb.com/?ctiid.217561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217561", "name" : "https://vuldb.com/?ctiid.217561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217561", "name" : "https://vuldb.com/?id.217561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217561", "name" : "https://vuldb.com/?id.217561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weberp:d2files:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-06T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10019", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293", "name" : "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293", "name" : "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217595", "name" : "https://vuldb.com/?ctiid.217595", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217595", "name" : "https://vuldb.com/?ctiid.217595", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217595", "name" : "https://vuldb.com/?id.217595", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217595", "name" : "https://vuldb.com/?id.217595", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysimplifiedsql_project:mysimplifiedsql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-07T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10020", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ssn2013/cis450Project/commit/39b495011437a105c7670e17e071f99195b4922e", "name" : "https://github.com/ssn2013/cis450Project/commit/39b495011437a105c7670e17e071f99195b4922e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ssn2013/cis450Project/commit/39b495011437a105c7670e17e071f99195b4922e", "name" : "https://github.com/ssn2013/cis450Project/commit/39b495011437a105c7670e17e071f99195b4922e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218380", "name" : "https://vuldb.com/?ctiid.218380", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218380", "name" : "https://vuldb.com/?ctiid.218380", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218380", "name" : "https://vuldb.com/?id.218380", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218380", "name" : "https://vuldb.com/?id.218380", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cis450project_project:cis450project:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-14T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10021", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa", "name" : "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa", "name" : "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ritterim/definely/pull/51", "name" : "https://github.com/ritterim/definely/pull/51", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ritterim/definely/pull/51", "name" : "https://github.com/ritterim/definely/pull/51", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217608", "name" : "https://vuldb.com/?ctiid.217608", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217608", "name" : "https://vuldb.com/?ctiid.217608", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217608", "name" : "https://vuldb.com/?id.217608", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217608", "name" : "https://vuldb.com/?id.217608", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rimdev:definely:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-24", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-07T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10022", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c", "name" : "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c", "name" : "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217609", "name" : "https://vuldb.com/?ctiid.217609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217609", "name" : "https://vuldb.com/?ctiid.217609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217609", "name" : "https://vuldb.com/?id.217609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217609", "name" : "https://vuldb.com/?id.217609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The identifier of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nlgis2_project:nlgis2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10023", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef", "name" : "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef", "name" : "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217611", "name" : "https://vuldb.com/?ctiid.217611", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217611", "name" : "https://vuldb.com/?ctiid.217611", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217611", "name" : "https://vuldb.com/?id.217611", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217611", "name" : "https://vuldb.com/?id.217611", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The patch is named a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trello-octometric_project:trello-octometric:*:*:*:*:*:*:*:*", "versionEndExcluding" : "25-01-2015", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10024", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5", "name" : "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5", "name" : "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217612", "name" : "https://vuldb.com/?ctiid.217612", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217612", "name" : "https://vuldb.com/?ctiid.217612", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217612", "name" : "https://vuldb.com/?id.217612", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217612", "name" : "https://vuldb.com/?id.217612", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:larasync_project:larasync:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10025", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655", "name" : "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655", "name" : "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217615", "name" : "https://vuldb.com/?ctiid.217615", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217615", "name" : "https://vuldb.com/?ctiid.217615", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217615", "name" : "https://vuldb.com/?id.217615", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217615", "name" : "https://vuldb.com/?id.217615", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The patch is named c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniconf_project:miniconf:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10026", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb", "name" : "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb", "name" : "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217618", "name" : "https://vuldb.com/?ctiid.217618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217618", "name" : "https://vuldb.com/?ctiid.217618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217618", "name" : "https://vuldb.com/?id.217618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217618", "name" : "https://vuldb.com/?id.217618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The patch is identified as 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flairbot_project:flairbot:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10027", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1", "name" : "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217622", "name" : "https://vuldb.com/?ctiid.217622", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217622", "name" : "https://vuldb.com/?ctiid.217622", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217622", "name" : "https://vuldb.com/?id.217622", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217622", "name" : "https://vuldb.com/?id.217622", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttrrs-auth-ldap_project:ttrrs-auth-ldap:0.5:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttrrs-auth-ldap_project:ttrrs-auth-ldap:0.5:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T17:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10028", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa", "name" : "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa", "name" : "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1", "name" : "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1", "name" : "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217624", "name" : "https://vuldb.com/?ctiid.217624", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217624", "name" : "https://vuldb.com/?ctiid.217624", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217624", "name" : "https://vuldb.com/?id.217624", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217624", "name" : "https://vuldb.com/?id.217624", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pear_programming_project:pear_programming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-07T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10029", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d", "name" : "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d", "name" : "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1", "name" : "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1", "name" : "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217630", "name" : "https://vuldb.com/?ctiid.217630", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217630", "name" : "https://vuldb.com/?ctiid.217630", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217630", "name" : "https://vuldb.com/?id.217630", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217630", "name" : "https://vuldb.com/?id.217630", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simplexrd_project:simplexrd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-07T20:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10030", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "name" : "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "name" : "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "name" : "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "name" : "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217642", "name" : "https://vuldb.com/?ctiid.217642", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217642", "name" : "https://vuldb.com/?ctiid.217642", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217642", "name" : "https://vuldb.com/?id.217642", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217642", "name" : "https://vuldb.com/?id.217642", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:surpass_project:surpass:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-01-08T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10031", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab", "name" : "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab", "name" : "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217648", "name" : "https://vuldb.com/?ctiid.217648", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217648", "name" : "https://vuldb.com/?ctiid.217648", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217648", "name" : "https://vuldb.com/?id.217648", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217648", "name" : "https://vuldb.com/?id.217648", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:491-project:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10032", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3", "name" : "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3", "name" : "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217663", "name" : "https://vuldb.com/?ctiid.217663", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217663", "name" : "https://vuldb.com/?ctiid.217663", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217663", "name" : "https://vuldb.com/?id.217663", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217663", "name" : "https://vuldb.com/?id.217663", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:healthmateweb_project:healthmateweb:*:*:*:*:*:android:*:*", "versionEndExcluding" : "2015-02-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-09T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10033", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5", "name" : "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5", "name" : "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217713", "name" : "https://vuldb.com/?ctiid.217713", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217713", "name" : "https://vuldb.com/?ctiid.217713", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217713", "name" : "https://vuldb.com/?id.217713", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217713", "name" : "https://vuldb.com/?id.217713", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:merlinsboard_project:merlinsboard:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 5.2 } }, "publishedDate" : "2023-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10034", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279", "name" : "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279", "name" : "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217714", "name" : "https://vuldb.com/?ctiid.217714", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217714", "name" : "https://vuldb.com/?ctiid.217714", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217714", "name" : "https://vuldb.com/?id.217714", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217714", "name" : "https://vuldb.com/?id.217714", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:workout-organizer_project:workout-organizer:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10035", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae", "name" : "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae", "name" : "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217715", "name" : "https://vuldb.com/?ctiid.217715", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217715", "name" : "https://vuldb.com/?ctiid.217715", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217715", "name" : "https://vuldb.com/?id.217715", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217715", "name" : "https://vuldb.com/?id.217715", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:angular-test-reporter_project:angular-test-reporter:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-07", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10036", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60", "name" : "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60", "name" : "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217951", "name" : "https://vuldb.com/?ctiid.217951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217951", "name" : "https://vuldb.com/?ctiid.217951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217951", "name" : "https://vuldb.com/?id.217951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217951", "name" : "https://vuldb.com/?id.217951", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dronfelipe_project:dronfelipe:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-12-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10037", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f", "name" : "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f", "name" : "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217965", "name" : "https://vuldb.com/?ctiid.217965", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217965", "name" : "https://vuldb.com/?ctiid.217965", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217965", "name" : "https://vuldb.com/?id.217965", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217965", "name" : "https://vuldb.com/?id.217965", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aci_escola_project:aci_escola:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10038", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00", "name" : "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00", "name" : "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218023", "name" : "https://vuldb.com/?ctiid.218023", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218023", "name" : "https://vuldb.com/?ctiid.218023", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218023", "name" : "https://vuldb.com/?id.218023", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218023", "name" : "https://vuldb.com/?id.218023", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pplv2_project:pplv2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10039", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a", "name" : "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a", "name" : "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553", "name" : "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553", "name" : "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218024", "name" : "https://vuldb.com/?ctiid.218024", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218024", "name" : "https://vuldb.com/?ctiid.218024", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218024", "name" : "https://vuldb.com/?id.218024", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218024", "name" : "https://vuldb.com/?id.218024", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:domino_project:domino:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.5524.38553", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1004", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10040", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mikeizbicki/gitlearn/commit/3faa5deaa509012069afe75cd03c21bda5050a64", "name" : "https://github.com/mikeizbicki/gitlearn/commit/3faa5deaa509012069afe75cd03c21bda5050a64", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mikeizbicki/gitlearn/commit/3faa5deaa509012069afe75cd03c21bda5050a64", "name" : "https://github.com/mikeizbicki/gitlearn/commit/3faa5deaa509012069afe75cd03c21bda5050a64", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mikeizbicki/gitlearn/pull/31", "name" : "https://github.com/mikeizbicki/gitlearn/pull/31", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mikeizbicki/gitlearn/pull/31", "name" : "https://github.com/mikeizbicki/gitlearn/pull/31", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218302", "name" : "https://vuldb.com/?ctiid.218302", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218302", "name" : "https://vuldb.com/?ctiid.218302", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218302", "name" : "https://vuldb.com/?id.218302", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218302", "name" : "https://vuldb.com/?id.218302", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is identified as 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlearn_project:gitlearn:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-06-09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-13T20:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10041", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/e3aa4d0900167641d41cbccf53909229f00381c9", "name" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/e3aa4d0900167641d41cbccf53909229f00381c9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/e3aa4d0900167641d41cbccf53909229f00381c9", "name" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/e3aa4d0900167641d41cbccf53909229f00381c9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218304", "name" : "https://vuldb.com/?ctiid.218304", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218304", "name" : "https://vuldb.com/?ctiid.218304", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218304", "name" : "https://vuldb.com/?id.218304", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218304", "name" : "https://vuldb.com/?id.218304", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aibattle_project:aibattle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-08-11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-13T20:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10042", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/448e9880aac18ae7832f8d065e03e46ce0f1d3e3", "name" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/448e9880aac18ae7832f8d065e03e46ce0f1d3e3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/448e9880aac18ae7832f8d065e03e46ce0f1d3e3", "name" : "https://github.com/Dovgalyuk/AIBattle-disabled-/commit/448e9880aac18ae7832f8d065e03e46ce0f1d3e3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218305", "name" : "https://vuldb.com/?ctiid.218305", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218305", "name" : "https://vuldb.com/?ctiid.218305", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218305", "name" : "https://vuldb.com/?id.218305", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218305", "name" : "https://vuldb.com/?id.218305", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aibattle_project:aibattle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-08-10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-13T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10043", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/abreen/Apollo/commit/6206406630780bbd074aff34f4683fb764faba71", "name" : "https://github.com/abreen/Apollo/commit/6206406630780bbd074aff34f4683fb764faba71", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abreen/Apollo/commit/6206406630780bbd074aff34f4683fb764faba71", "name" : "https://github.com/abreen/Apollo/commit/6206406630780bbd074aff34f4683fb764faba71", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218307", "name" : "https://vuldb.com/?ctiid.218307", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218307", "name" : "https://vuldb.com/?ctiid.218307", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218307", "name" : "https://vuldb.com/?id.218307", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218307", "name" : "https://vuldb.com/?id.218307", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apollo_project:apollo:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-14T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10044", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gophergala/sqldump/commit/76db54e9073b5248b8863e71a63d66a32d567d21", "name" : "https://github.com/gophergala/sqldump/commit/76db54e9073b5248b8863e71a63d66a32d567d21", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gophergala/sqldump/commit/76db54e9073b5248b8863e71a63d66a32d567d21", "name" : "https://github.com/gophergala/sqldump/commit/76db54e9073b5248b8863e71a63d66a32d567d21", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218350", "name" : "https://vuldb.com/?ctiid.218350", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218350", "name" : "https://vuldb.com/?ctiid.218350", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218350", "name" : "https://vuldb.com/?id.218350", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218350", "name" : "https://vuldb.com/?id.218350", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sqldump_project:sqldump:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-24", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10045", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tutrantta/project_todolist/commit/194a0411bbe11aa4813f13c66b9e8ea403539141", "name" : "https://github.com/tutrantta/project_todolist/commit/194a0411bbe11aa4813f13c66b9e8ea403539141", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/tutrantta/project_todolist/commit/194a0411bbe11aa4813f13c66b9e8ea403539141", "name" : "https://github.com/tutrantta/project_todolist/commit/194a0411bbe11aa4813f13c66b9e8ea403539141", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218352", "name" : "https://vuldb.com/?ctiid.218352", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218352", "name" : "https://vuldb.com/?ctiid.218352", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218352", "name" : "https://vuldb.com/?id.218352", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218352", "name" : "https://vuldb.com/?id.218352", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218352." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:project_todolist_project:project_todolist:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10046", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/philipblaquiere/lolfeedback/commit/6cf0b5f2228cd8765f734badd37910051000f2b2", "name" : "https://github.com/philipblaquiere/lolfeedback/commit/6cf0b5f2228cd8765f734badd37910051000f2b2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/philipblaquiere/lolfeedback/commit/6cf0b5f2228cd8765f734badd37910051000f2b2", "name" : "https://github.com/philipblaquiere/lolfeedback/commit/6cf0b5f2228cd8765f734badd37910051000f2b2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218353", "name" : "https://vuldb.com/?ctiid.218353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218353", "name" : "https://vuldb.com/?ctiid.218353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218353", "name" : "https://vuldb.com/?id.218353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218353", "name" : "https://vuldb.com/?id.218353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The identifier of the patch is 6cf0b5f2228cd8765f734badd37910051000f2b2. It is recommended to apply a patch to fix this issue. The identifier VDB-218353 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lolfeedback_project:lolfeedback:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10047", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/KYUUBl/school-register/commit/1cf7e01b878aee923f2b22cc2535c71a680e4c30", "name" : "https://github.com/KYUUBl/school-register/commit/1cf7e01b878aee923f2b22cc2535c71a680e4c30", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/KYUUBl/school-register/commit/1cf7e01b878aee923f2b22cc2535c71a680e4c30", "name" : "https://github.com/KYUUBl/school-register/commit/1cf7e01b878aee923f2b22cc2535c71a680e4c30", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218355", "name" : "https://vuldb.com/?ctiid.218355", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218355", "name" : "https://vuldb.com/?ctiid.218355", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218355", "name" : "https://vuldb.com/?id.218355", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218355", "name" : "https://vuldb.com/?id.218355", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The patch is named 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:school-register_project:school-register:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-05", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10048", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bmattoso/desafio_buzz_woody/commit/cb8220cbae06082c969b1776fcb2fdafb3a1006b", "name" : "https://github.com/bmattoso/desafio_buzz_woody/commit/cb8220cbae06082c969b1776fcb2fdafb3a1006b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/bmattoso/desafio_buzz_woody/commit/cb8220cbae06082c969b1776fcb2fdafb3a1006b", "name" : "https://github.com/bmattoso/desafio_buzz_woody/commit/cb8220cbae06082c969b1776fcb2fdafb3a1006b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218357", "name" : "https://vuldb.com/?ctiid.218357", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218357", "name" : "https://vuldb.com/?ctiid.218357", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218357", "name" : "https://vuldb.com/?id.218357", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218357", "name" : "https://vuldb.com/?id.218357", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is cb8220cbae06082c969b1776fcb2fdafb3a1006b. It is recommended to apply a patch to fix this issue. The identifier VDB-218357 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:desafio_buzz_woody_project:desafio_buzz_woody:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10049", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b", "name" : "https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b", "name" : "https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0", "name" : "https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0", "name" : "https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218372", "name" : "https://vuldb.com/?ctiid.218372", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218372", "name" : "https://vuldb.com/?ctiid.218372", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218372", "name" : "https://vuldb.com/?id.218372", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218372", "name" : "https://vuldb.com/?id.218372", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:course-builder_project:course-builder:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10050", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a", "name" : "https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a", "name" : "https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218374", "name" : "https://vuldb.com/?ctiid.218374", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218374", "name" : "https://vuldb.com/?ctiid.218374", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218374", "name" : "https://vuldb.com/?id.218374", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218374", "name" : "https://vuldb.com/?id.218374", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirna_database_by_php_mysql_project:mirna_database_by_php_mysql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10051", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bony2023/Discussion-Board/commit/26439bc4c63632d63ba89ebc0f149b25a9010361", "name" : "https://github.com/bony2023/Discussion-Board/commit/26439bc4c63632d63ba89ebc0f149b25a9010361", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/bony2023/Discussion-Board/commit/26439bc4c63632d63ba89ebc0f149b25a9010361", "name" : "https://github.com/bony2023/Discussion-Board/commit/26439bc4c63632d63ba89ebc0f149b25a9010361", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218378", "name" : "https://vuldb.com/?ctiid.218378", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218378", "name" : "https://vuldb.com/?ctiid.218378", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218378", "name" : "https://vuldb.com/?id.218378", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218378", "name" : "https://vuldb.com/?id.218378", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The patch is identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:discussion-board_project:discussion-board:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-06-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10052", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/calesanz/gibb-modul-151/commit/88a517dc19443081210c804b655e72770727540d", "name" : "https://github.com/calesanz/gibb-modul-151/commit/88a517dc19443081210c804b655e72770727540d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/calesanz/gibb-modul-151/commit/88a517dc19443081210c804b655e72770727540d", "name" : "https://github.com/calesanz/gibb-modul-151/commit/88a517dc19443081210c804b655e72770727540d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218379", "name" : "https://vuldb.com/?ctiid.218379", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218379", "name" : "https://vuldb.com/?ctiid.218379", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218379", "name" : "https://vuldb.com/?id.218379", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218379", "name" : "https://vuldb.com/?id.218379", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gibb-modul-151_project:gibb-modul-151:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-15T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10053", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271", "name" : "https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271", "name" : "https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4", "name" : "https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4", "name" : "https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218394", "name" : "https://vuldb.com/?ctiid.218394", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218394", "name" : "https://vuldb.com/?ctiid.218394", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218394", "name" : "https://vuldb.com/?id.218394", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218394", "name" : "https://vuldb.com/?id.218394", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:prodigasistemas:curupira:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10054", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc", "name" : "https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc", "name" : "https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218397", "name" : "https://vuldb.com/?ctiid.218397", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218397", "name" : "https://vuldb.com/?ctiid.218397", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218397", "name" : "https://vuldb.com/?id.218397", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218397", "name" : "https://vuldb.com/?id.218397", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The identifier of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:p2manage_project:p2manage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-05-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10055", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jan-rodriguez/PictureThisWebServer/commit/68b9dc346e88b494df00d88c7d058e96820e1479", "name" : "https://github.com/jan-rodriguez/PictureThisWebServer/commit/68b9dc346e88b494df00d88c7d058e96820e1479", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jan-rodriguez/PictureThisWebServer/commit/68b9dc346e88b494df00d88c7d058e96820e1479", "name" : "https://github.com/jan-rodriguez/PictureThisWebServer/commit/68b9dc346e88b494df00d88c7d058e96820e1479", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jan-rodriguez/PictureThisWebServer/pull/1", "name" : "https://github.com/jan-rodriguez/PictureThisWebServer/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jan-rodriguez/PictureThisWebServer/pull/1", "name" : "https://github.com/jan-rodriguez/PictureThisWebServer/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218399", "name" : "https://vuldb.com/?ctiid.218399", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218399", "name" : "https://vuldb.com/?ctiid.218399", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218399", "name" : "https://vuldb.com/?id.218399", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218399", "name" : "https://vuldb.com/?id.218399", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:picturethiswebserver_project:picturethiswebserver:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10056", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f", "name" : "https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f", "name" : "https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218400", "name" : "https://vuldb.com/?ctiid.218400", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218400", "name" : "https://vuldb.com/?ctiid.218400", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218400", "name" : "https://vuldb.com/?id.218400", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218400", "name" : "https://vuldb.com/?id.218400", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vinylmaps_project:vinylmaps:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10057", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e", "name" : "https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e", "name" : "https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/little-apps/little-software-stats/releases/tag/v0.2", "name" : "https://github.com/little-apps/little-software-stats/releases/tag/v0.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/little-apps/little-software-stats/releases/tag/v0.2", "name" : "https://github.com/little-apps/little-software-stats/releases/tag/v0.2", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218401", "name" : "https://vuldb.com/?ctiid.218401", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218401", "name" : "https://vuldb.com/?ctiid.218401", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218401", "name" : "https://vuldb.com/?id.218401", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218401", "name" : "https://vuldb.com/?id.218401", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:little-apps:little_software_stats:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-16T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10058", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wikisource/ws-cat-browser/commit/764f4e8ce3f9242637df77530c70ae8a2ec4b6a1", "name" : "https://github.com/wikisource/ws-cat-browser/commit/764f4e8ce3f9242637df77530c70ae8a2ec4b6a1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/wikisource/ws-cat-browser/commit/764f4e8ce3f9242637df77530c70ae8a2ec4b6a1", "name" : "https://github.com/wikisource/ws-cat-browser/commit/764f4e8ce3f9242637df77530c70ae8a2ec4b6a1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218415", "name" : "https://vuldb.com/?ctiid.218415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218415", "name" : "https://vuldb.com/?ctiid.218415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218415", "name" : "https://vuldb.com/?id.218415", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218415", "name" : "https://vuldb.com/?id.218415", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:wikisource_category_browser:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-07-10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-17T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10059", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/s134328/Webapplication-Veganguide/commit/2aa760fa4e779e40a28206a32ac22ac10356f519", "name" : "https://github.com/s134328/Webapplication-Veganguide/commit/2aa760fa4e779e40a28206a32ac22ac10356f519", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/s134328/Webapplication-Veganguide/commit/2aa760fa4e779e40a28206a32ac22ac10356f519", "name" : "https://github.com/s134328/Webapplication-Veganguide/commit/2aa760fa4e779e40a28206a32ac22ac10356f519", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218416", "name" : "https://vuldb.com/?ctiid.218416", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218416", "name" : "https://vuldb.com/?ctiid.218416", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218416", "name" : "https://vuldb.com/?id.218416", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218416", "name" : "https://vuldb.com/?id.218416", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in s134328 Webapplication-Veganguide and classified as problematic. This vulnerability affects unknown code of the file p05-integration/app/shared/api/apiService.js. The manipulation of the argument country/city leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 2aa760fa4e779e40a28206a32ac22ac10356f519. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218416." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webapplication-veganguide_project:webapplication-veganguide:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-05-11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-17T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1006", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:optodatalink:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r9.4d", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:optoopcserver:*:*:*:*:*:*:*:*", "versionEndExcluding" : "r9.4c", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_display:*:*:*:*:basic:*:*:*", "versionEndExcluding" : "r9.4f", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_display:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "r9.4f", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_project:*:*:*:*:basic:*:*:*", "versionEndExcluding" : "r9.4006", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_project:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "r9.4006", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-10T14:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10060", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac", "name" : "https://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac", "name" : "https://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218417", "name" : "https://vuldb.com/?ctiid.218417", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218417", "name" : "https://vuldb.com/?ctiid.218417", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218417", "name" : "https://vuldb.com/?id.218417", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218417", "name" : "https://vuldb.com/?id.218417", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mnbikeways_database_project:mnbikeways_database:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-06-22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10061", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb", "name" : "https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb", "name" : "https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218427", "name" : "https://vuldb.com/?ctiid.218427", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218427", "name" : "https://vuldb.com/?ctiid.218427", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218427", "name" : "https://vuldb.com/?id.218427", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218427", "name" : "https://vuldb.com/?id.218427", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The patch is named f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trabalho-web2_project:trabalho-web2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-06-09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10062", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/blankenberg/galaxy-data-resource/commit/50d65f45d3f5be5d1fbff2e45ac5cec075f07d42", "name" : "https://github.com/blankenberg/galaxy-data-resource/commit/50d65f45d3f5be5d1fbff2e45ac5cec075f07d42", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/blankenberg/galaxy-data-resource/commit/50d65f45d3f5be5d1fbff2e45ac5cec075f07d42", "name" : "https://github.com/blankenberg/galaxy-data-resource/commit/50d65f45d3f5be5d1fbff2e45ac5cec075f07d42", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/blankenberg/galaxy-data-resource/releases/tag/v14.10.1", "name" : "https://github.com/blankenberg/galaxy-data-resource/releases/tag/v14.10.1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/blankenberg/galaxy-data-resource/releases/tag/v14.10.1", "name" : "https://github.com/blankenberg/galaxy-data-resource/releases/tag/v14.10.1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218451", "name" : "https://vuldb.com/?ctiid.218451", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218451", "name" : "https://vuldb.com/?ctiid.218451", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218451", "name" : "https://vuldb.com/?id.218451", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218451", "name" : "https://vuldb.com/?id.218451", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*", "versionEndExcluding" : "14.10.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10063", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6", "name" : "https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6", "name" : "https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218453", "name" : "https://vuldb.com/?ctiid.218453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218453", "name" : "https://vuldb.com/?ctiid.218453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218453", "name" : "https://vuldb.com/?id.218453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218453", "name" : "https://vuldb.com/?id.218453", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theradsystem_project:theradsystem:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10064", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/VictorFerraresi/pokemon-database-php/commit/dd0e1e6cdf648d6a3deff441f515bcb1d7573d68", "name" : "https://github.com/VictorFerraresi/pokemon-database-php/commit/dd0e1e6cdf648d6a3deff441f515bcb1d7573d68", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/VictorFerraresi/pokemon-database-php/commit/dd0e1e6cdf648d6a3deff441f515bcb1d7573d68", "name" : "https://github.com/VictorFerraresi/pokemon-database-php/commit/dd0e1e6cdf648d6a3deff441f515bcb1d7573d68", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218455", "name" : "https://vuldb.com/?ctiid.218455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218455", "name" : "https://vuldb.com/?ctiid.218455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218455", "name" : "https://vuldb.com/?id.218455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218455", "name" : "https://vuldb.com/?id.218455", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pokemon-database-php_project:pokemon-database-php:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-05-06", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10065", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1", "name" : "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1", "name" : "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218458", "name" : "https://vuldb.com/?ctiid.218458", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218458", "name" : "https://vuldb.com/?ctiid.218458", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218458", "name" : "https://vuldb.com/?id.218458", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218458", "name" : "https://vuldb.com/?id.218458", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:find_project:find:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-01-28", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-17T23:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10066", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tynx/wuersch/commit/66d4718750a741d1053d327a79e285fd50372519", "name" : "https://github.com/tynx/wuersch/commit/66d4718750a741d1053d327a79e285fd50372519", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/tynx/wuersch/commit/66d4718750a741d1053d327a79e285fd50372519", "name" : "https://github.com/tynx/wuersch/commit/66d4718750a741d1053d327a79e285fd50372519", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218462", "name" : "https://vuldb.com/?ctiid.218462", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218462", "name" : "https://vuldb.com/?ctiid.218462", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218462", "name" : "https://vuldb.com/?id.218462", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218462", "name" : "https://vuldb.com/?id.218462", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The patch is identified as 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wuersch_project:wuersch:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-18T00:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10067", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/oznetmaster/SSharpSmartThreadPool/commit/0e58073c831093aad75e077962e9fb55cad0dc5f", "name" : "https://github.com/oznetmaster/SSharpSmartThreadPool/commit/0e58073c831093aad75e077962e9fb55cad0dc5f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/oznetmaster/SSharpSmartThreadPool/commit/0e58073c831093aad75e077962e9fb55cad0dc5f", "name" : "https://github.com/oznetmaster/SSharpSmartThreadPool/commit/0e58073c831093aad75e077962e9fb55cad0dc5f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218463", "name" : "https://vuldb.com/?ctiid.218463", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218463", "name" : "https://vuldb.com/?ctiid.218463", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218463", "name" : "https://vuldb.com/?id.218463", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218463", "name" : "https://vuldb.com/?id.218463", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssharpsmartthreadpool_project:ssharpsmartthreadpool:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-18T01:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10068", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/danynab/movify-j/commit/c3085e01936a4d7eff1eda3093f25d56cc4d2ec5", "name" : "https://github.com/danynab/movify-j/commit/c3085e01936a4d7eff1eda3093f25d56cc4d2ec5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/danynab/movify-j/commit/c3085e01936a4d7eff1eda3093f25d56cc4d2ec5", "name" : "https://github.com/danynab/movify-j/commit/c3085e01936a4d7eff1eda3093f25d56cc4d2ec5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218476", "name" : "https://vuldb.com/?ctiid.218476", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.218476", "name" : "https://vuldb.com/?ctiid.218476", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218476", "name" : "https://vuldb.com/?id.218476", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.218476", "name" : "https://vuldb.com/?id.218476", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:movify-j_project:movify-j:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-18T08:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10069", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/viakondratiuk/cash-machine/commit/62a6e24efdfa195b70d7df140d8287fdc38eb66d", "name" : "https://github.com/viakondratiuk/cash-machine/commit/62a6e24efdfa195b70d7df140d8287fdc38eb66d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/viakondratiuk/cash-machine/commit/62a6e24efdfa195b70d7df140d8287fdc38eb66d", "name" : "https://github.com/viakondratiuk/cash-machine/commit/62a6e24efdfa195b70d7df140d8287fdc38eb66d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218896", "name" : "https://vuldb.com/?ctiid.218896", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218896", "name" : "https://vuldb.com/?ctiid.218896", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218896", "name" : "https://vuldb.com/?id.218896", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218896", "name" : "https://vuldb.com/?id.218896", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cash-machine_project:cash-machine:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-19T08:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1007", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:optodatalink:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r9.4d", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:optoopcserver:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r9.4c", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_display:*:*:*:*:basic:*:*:*", "versionEndExcluding" : "r9.4g", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_display:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "r9.4g", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_project:*:*:*:*:basic:*:*:*", "versionEndExcluding" : "r9.4008", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opto22:pac_project:*:*:*:*:professional:*:*:*", "versionEndExcluding" : "r9.4008", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-25T19:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10070", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/copperwall/twiddit/commit/2203d4ce9810bdaccece5c48ff4888658a01acfc", "name" : "https://github.com/copperwall/twiddit/commit/2203d4ce9810bdaccece5c48ff4888658a01acfc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/copperwall/twiddit/commit/2203d4ce9810bdaccece5c48ff4888658a01acfc", "name" : "https://github.com/copperwall/twiddit/commit/2203d4ce9810bdaccece5c48ff4888658a01acfc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218897", "name" : "https://vuldb.com/?ctiid.218897", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218897", "name" : "https://vuldb.com/?ctiid.218897", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218897", "name" : "https://vuldb.com/?id.218897", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218897", "name" : "https://vuldb.com/?id.218897", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The identifier of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twiddit_project:twiddit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-03-18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-19T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10071", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a", "name" : "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a", "name" : "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0", "name" : "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0", "name" : "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218951", "name" : "https://vuldb.com/?ctiid.218951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218951", "name" : "https://vuldb.com/?ctiid.218951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218951", "name" : "https://vuldb.com/?id.218951", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218951", "name" : "https://vuldb.com/?id.218951", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitter:ez_publish_modern_legacy:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-01-19T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10072", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/NREL/api-umbrella-web/commit/bcc0e922c61d30367678c8f17a435950969315cd", "name" : "https://github.com/NREL/api-umbrella-web/commit/bcc0e922c61d30367678c8f17a435950969315cd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/commit/bcc0e922c61d30367678c8f17a435950969315cd", "name" : "https://github.com/NREL/api-umbrella-web/commit/bcc0e922c61d30367678c8f17a435950969315cd", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "name" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "name" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220060", "name" : "https://vuldb.com/?ctiid.220060", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220060", "name" : "https://vuldb.com/?ctiid.220060", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220060", "name" : "https://vuldb.com/?id.220060", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220060", "name" : "https://vuldb.com/?id.220060", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nrel:api_umbrella_web:0.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-04T04:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10073", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tinymighty/wiki-seo/commit/089a5797be612b18a820f9f1e6593ad9a91b1dba", "name" : "https://github.com/tinymighty/wiki-seo/commit/089a5797be612b18a820f9f1e6593ad9a91b1dba", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/tinymighty/wiki-seo/commit/089a5797be612b18a820f9f1e6593ad9a91b1dba", "name" : "https://github.com/tinymighty/wiki-seo/commit/089a5797be612b18a820f9f1e6593ad9a91b1dba", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/tinymighty/wiki-seo/pull/21", "name" : "https://github.com/tinymighty/wiki-seo/pull/21", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/tinymighty/wiki-seo/pull/21", "name" : "https://github.com/tinymighty/wiki-seo/pull/21", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/tinymighty/wiki-seo/releases/tag/1.2.2", "name" : "https://github.com/tinymighty/wiki-seo/releases/tag/1.2.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/tinymighty/wiki-seo/releases/tag/1.2.2", "name" : "https://github.com/tinymighty/wiki-seo/releases/tag/1.2.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.220215", "name" : "https://vuldb.com/?ctiid.220215", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220215", "name" : "https://vuldb.com/?ctiid.220215", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220215", "name" : "https://vuldb.com/?id.220215", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220215", "name" : "https://vuldb.com/?id.220215", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The patch is named 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tinymighty:wikiseo:1.2.1:*:*:*:*:mediawiki:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.6, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 2.8, "impactScore" : 6.0 } }, "publishedDate" : "2023-02-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10074", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/OpenSeaMap/online_chart/commit/8649157158f921590d650e2d2f4bdf0df1017e9d", "name" : "https://github.com/OpenSeaMap/online_chart/commit/8649157158f921590d650e2d2f4bdf0df1017e9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenSeaMap/online_chart/commit/8649157158f921590d650e2d2f4bdf0df1017e9d", "name" : "https://github.com/OpenSeaMap/online_chart/commit/8649157158f921590d650e2d2f4bdf0df1017e9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenSeaMap/online_chart/pull/70", "name" : "https://github.com/OpenSeaMap/online_chart/pull/70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenSeaMap/online_chart/pull/70", "name" : "https://github.com/OpenSeaMap/online_chart/pull/70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenSeaMap/online_chart/releases/tag/staging", "name" : "https://github.com/OpenSeaMap/online_chart/releases/tag/staging", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenSeaMap/online_chart/releases/tag/staging", "name" : "https://github.com/OpenSeaMap/online_chart/releases/tag/staging", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.220218", "name" : "https://vuldb.com/?ctiid.220218", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.220218", "name" : "https://vuldb.com/?ctiid.220218", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.220218", "name" : "https://vuldb.com/?id.220218", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220218", "name" : "https://vuldb.com/?id.220218", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The patch is identified as 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openseamap:online_chart:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-07T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10075", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/georgestephanis/Custom-Content-Width/commit/e05e0104fc42ad13b57e2b2cb2d1857432624d39", "name" : "https://github.com/georgestephanis/Custom-Content-Width/commit/e05e0104fc42ad13b57e2b2cb2d1857432624d39", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/georgestephanis/Custom-Content-Width/commit/e05e0104fc42ad13b57e2b2cb2d1857432624d39", "name" : "https://github.com/georgestephanis/Custom-Content-Width/commit/e05e0104fc42ad13b57e2b2cb2d1857432624d39", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.220219", "name" : "https://vuldb.com/?ctiid.220219", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220219", "name" : "https://vuldb.com/?ctiid.220219", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220219", "name" : "https://vuldb.com/?id.220219", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220219", "name" : "https://vuldb.com/?id.220219", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The patch is named e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:custom-content-width_project:custom-content-width:1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-07T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10076", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dimtion/Shaarlier/commit/3d1d9b239d9b3cd87e8bed45a0f02da583ad371e", "name" : "https://github.com/dimtion/Shaarlier/commit/3d1d9b239d9b3cd87e8bed45a0f02da583ad371e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/dimtion/Shaarlier/commit/3d1d9b239d9b3cd87e8bed45a0f02da583ad371e", "name" : "https://github.com/dimtion/Shaarlier/commit/3d1d9b239d9b3cd87e8bed45a0f02da583ad371e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/dimtion/Shaarlier/releases/tag/v1.2.3", "name" : "https://github.com/dimtion/Shaarlier/releases/tag/v1.2.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/dimtion/Shaarlier/releases/tag/v1.2.3", "name" : "https://github.com/dimtion/Shaarlier/releases/tag/v1.2.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.220453", "name" : "https://vuldb.com/?ctiid.220453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220453", "name" : "https://vuldb.com/?ctiid.220453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220453", "name" : "https://vuldb.com/?id.220453", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220453", "name" : "https://vuldb.com/?id.220453", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The identifier of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shaarlier_project:shaarlier:*:*:*:*:*:android:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-09T23:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10077", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/commit/2e14b0fd0ea35034f90890f364b130fb4645ff35", "name" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/commit/2e14b0fd0ea35034f90890f364b130fb4645ff35", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/commit/2e14b0fd0ea35034f90890f364b130fb4645ff35", "name" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/commit/2e14b0fd0ea35034f90890f364b130fb4645ff35", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/releases/tag/0.4.0", "name" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/releases/tag/0.4.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/releases/tag/0.4.0", "name" : "https://github.com/webbuilders-group/silverstripe-kapost-bridge/releases/tag/0.4.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.220471", "name" : "https://vuldb.com/?ctiid.220471", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220471", "name" : "https://vuldb.com/?ctiid.220471", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220471", "name" : "https://vuldb.com/?id.220471", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220471", "name" : "https://vuldb.com/?id.220471", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The patch is named 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webbuildersgroup:silverstripe-kapost-bridge:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-10T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10078", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/atwellpub/resend-welcome-email/commit/b14c1f66d307783f0ae74f88088a85999107695c", "name" : "https://github.com/atwellpub/resend-welcome-email/commit/b14c1f66d307783f0ae74f88088a85999107695c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/atwellpub/resend-welcome-email/commit/b14c1f66d307783f0ae74f88088a85999107695c", "name" : "https://github.com/atwellpub/resend-welcome-email/commit/b14c1f66d307783f0ae74f88088a85999107695c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/atwellpub/resend-welcome-email/pull/1", "name" : "https://github.com/atwellpub/resend-welcome-email/pull/1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/atwellpub/resend-welcome-email/pull/1", "name" : "https://github.com/atwellpub/resend-welcome-email/pull/1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.220637", "name" : "https://vuldb.com/?ctiid.220637", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220637", "name" : "https://vuldb.com/?ctiid.220637", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220637", "name" : "https://vuldb.com/?id.220637", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220637", "name" : "https://vuldb.com/?id.220637", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:resend_welcome_email_project:resend_welcome_email:1.0.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-12T14:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10079", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/juju2143/walrusirc/commit/45fd885895ae13e8d9b3a71e89d59768914f60af", "name" : "https://github.com/juju2143/walrusirc/commit/45fd885895ae13e8d9b3a71e89d59768914f60af", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/juju2143/walrusirc/commit/45fd885895ae13e8d9b3a71e89d59768914f60af", "name" : "https://github.com/juju2143/walrusirc/commit/45fd885895ae13e8d9b3a71e89d59768914f60af", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/juju2143/walrusirc/releases/tag/0.0.3", "name" : "https://github.com/juju2143/walrusirc/releases/tag/0.0.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/juju2143/walrusirc/releases/tag/0.0.3", "name" : "https://github.com/juju2143/walrusirc/releases/tag/0.0.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.220751", "name" : "https://vuldb.com/?ctiid.220751", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.220751", "name" : "https://vuldb.com/?ctiid.220751", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220751", "name" : "https://vuldb.com/?id.220751", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.220751", "name" : "https://vuldb.com/?id.220751", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The patch is named 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:walrusirc_project:walrusirc:0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-13T22:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10080", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/NREL/api-umbrella-web/commit/f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca", "name" : "https://github.com/NREL/api-umbrella-web/commit/f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/commit/f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca", "name" : "https://github.com/NREL/api-umbrella-web/commit/f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "name" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "name" : "https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.221487", "name" : "https://vuldb.com/?ctiid.221487", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221487", "name" : "https://vuldb.com/?ctiid.221487", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221487", "name" : "https://vuldb.com/?id.221487", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221487", "name" : "https://vuldb.com/?id.221487", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The patch is named f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nrel:api_umbrella:0.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-20T10:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10081", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/commit/a739f680a1623d22f52ff1371e86ca472e63756f", "name" : "https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/commit/a739f680a1623d22f52ff1371e86ca472e63756f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/commit/a739f680a1623d22f52ff1371e86ca472e63756f", "name" : "https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/commit/a739f680a1623d22f52ff1371e86ca472e63756f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221495", "name" : "https://vuldb.com/?ctiid.221495", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221495", "name" : "https://vuldb.com/?ctiid.221495", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221495", "name" : "https://vuldb.com/?id.221495", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221495", "name" : "https://vuldb.com/?id.221495", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:submitbymailplugin_project:submitbymailplugin:1.0b2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-20T17:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10082", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440", "name" : "https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440", "name" : "https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221499", "name" : "https://vuldb.com/?ctiid.221499", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.221499", "name" : "https://vuldb.com/?ctiid.221499", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.221499", "name" : "https://vuldb.com/?id.221499", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.221499", "name" : "https://vuldb.com/?id.221499", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libimobiledevice:libplist:1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-21T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10083", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "name" : "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "name" : "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/harrystech/dynosaur-rails/pull/11", "name" : "https://github.com/harrystech/dynosaur-rails/pull/11", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/harrystech/dynosaur-rails/pull/11", "name" : "https://github.com/harrystech/dynosaur-rails/pull/11", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221503", "name" : "https://vuldb.com/?ctiid.221503", "refsource" : "", "tags" : [ "Permissions Required", "Press/Media Coverage", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.221503", "name" : "https://vuldb.com/?ctiid.221503", "refsource" : "", "tags" : [ "Permissions Required", "Press/Media Coverage", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.221503", "name" : "https://vuldb.com/?id.221503", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.221503", "name" : "https://vuldb.com/?id.221503", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:harrys:dynosaur-rails:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-09-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10084", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/irontec/klear-library/commit/b25262de52fdaffde2a4434fc2a84408b304fbc5", "name" : "https://github.com/irontec/klear-library/commit/b25262de52fdaffde2a4434fc2a84408b304fbc5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/irontec/klear-library/commit/b25262de52fdaffde2a4434fc2a84408b304fbc5", "name" : "https://github.com/irontec/klear-library/commit/b25262de52fdaffde2a4434fc2a84408b304fbc5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/irontec/klear-library/tree/marla", "name" : "https://github.com/irontec/klear-library/tree/marla", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/irontec/klear-library/tree/marla", "name" : "https://github.com/irontec/klear-library/tree/marla", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.221504", "name" : "https://vuldb.com/?ctiid.221504", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.221504", "name" : "https://vuldb.com/?ctiid.221504", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.221504", "name" : "https://vuldb.com/?id.221504", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.221504", "name" : "https://vuldb.com/?id.221504", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irontec:klear-library:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-10-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-21T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10085", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90", "name" : "https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90", "name" : "https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gopistolet/gopistolet/pull/27", "name" : "https://github.com/gopistolet/gopistolet/pull/27", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gopistolet/gopistolet/pull/27", "name" : "https://github.com/gopistolet/gopistolet/pull/27", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221506", "name" : "https://vuldb.com/?ctiid.221506", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221506", "name" : "https://vuldb.com/?ctiid.221506", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221506", "name" : "https://vuldb.com/?id.221506", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221506", "name" : "https://vuldb.com/?id.221506", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gopistolet_project:gopistolet:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-10-27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-02-21T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10086", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782", "name" : "https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782", "name" : "https://github.com/OpenCycleCompass/server-php/commit/fa0d9bcf81c711a88172ad0d37a842f029ac3782", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221808", "name" : "https://vuldb.com/?ctiid.221808", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221808", "name" : "https://vuldb.com/?ctiid.221808", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221808", "name" : "https://vuldb.com/?id.221808", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221808", "name" : "https://vuldb.com/?id.221808", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:server-php_project:server-php:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-02-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-28T00:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10087", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/CCrashBandicot/exploit/commit/53f6ae62878076f99718e5feb589928e83c879a9", "name" : "https://github.com/CCrashBandicot/exploit/commit/53f6ae62878076f99718e5feb589928e83c879a9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/CCrashBandicot/exploit/commit/53f6ae62878076f99718e5feb589928e83c879a9", "name" : "https://github.com/CCrashBandicot/exploit/commit/53f6ae62878076f99718e5feb589928e83c879a9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://support.alertlogic.com/hc/en-us/articles/360028203692-WordPress-Theme-DesignFolio-Plus-1-2-upload-file-php-Arbitrary-File-Upload", "name" : "https://support.alertlogic.com/hc/en-us/articles/360028203692-WordPress-Theme-DesignFolio-Plus-1-2-upload-file-php-Arbitrary-File-Upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.alertlogic.com/hc/en-us/articles/360028203692-WordPress-Theme-DesignFolio-Plus-1-2-upload-file-php-Arbitrary-File-Upload", "name" : "https://support.alertlogic.com/hc/en-us/articles/360028203692-WordPress-Theme-DesignFolio-Plus-1-2-upload-file-php-Arbitrary-File-Upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221809", "name" : "https://vuldb.com/?ctiid.221809", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221809", "name" : "https://vuldb.com/?ctiid.221809", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221809", "name" : "https://vuldb.com/?id.221809", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221809", "name" : "https://vuldb.com/?id.221809", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/36372", "name" : "https://www.exploit-db.com/exploits/36372", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36372", "name" : "https://www.exploit-db.com/exploits/36372", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:upthemes:designfolio-plus:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-07T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10088", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046", "name" : "https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046", "name" : "https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://sourceforge.net/p/ayttm/mailman/message/34397158/", "name" : "https://sourceforge.net/p/ayttm/mailman/message/34397158/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/ayttm/mailman/message/34397158/", "name" : "https://sourceforge.net/p/ayttm/mailman/message/34397158/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222267", "name" : "https://vuldb.com/?ctiid.222267", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222267", "name" : "https://vuldb.com/?ctiid.222267", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222267", "name" : "https://vuldb.com/?id.222267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222267", "name" : "https://vuldb.com/?id.222267", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ayttm_project:ayttm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.5.0-89", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-05T05:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10089", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/flamejs/flame.js/commit/e6c49b5f6179e31a534b7c3264e1d36aa99728ac", "name" : "https://github.com/flamejs/flame.js/commit/e6c49b5f6179e31a534b7c3264e1d36aa99728ac", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/flamejs/flame.js/commit/e6c49b5f6179e31a534b7c3264e1d36aa99728ac", "name" : "https://github.com/flamejs/flame.js/commit/e6c49b5f6179e31a534b7c3264e1d36aa99728ac", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/flamejs/flame.js/pull/209", "name" : "https://github.com/flamejs/flame.js/pull/209", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/flamejs/flame.js/pull/209", "name" : "https://github.com/flamejs/flame.js/pull/209", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.222291", "name" : "https://vuldb.com/?ctiid.222291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222291", "name" : "https://vuldb.com/?ctiid.222291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222291", "name" : "https://vuldb.com/?id.222291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222291", "name" : "https://vuldb.com/?id.222291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flame.js_project:flame.js:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-04-22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-05T14:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10090", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/landing-pages/commit/c8e22c1340c11fedfb0a0a67ea690421bdb62b94", "name" : "https://github.com/wp-plugins/landing-pages/commit/c8e22c1340c11fedfb0a0a67ea690421bdb62b94", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/landing-pages/commit/c8e22c1340c11fedfb0a0a67ea690421bdb62b94", "name" : "https://github.com/wp-plugins/landing-pages/commit/c8e22c1340c11fedfb0a0a67ea690421bdb62b94", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/landing-pages/releases/tag/1.8.8", "name" : "https://github.com/wp-plugins/landing-pages/releases/tag/1.8.8", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/landing-pages/releases/tag/1.8.8", "name" : "https://github.com/wp-plugins/landing-pages/releases/tag/1.8.8", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222320", "name" : "https://vuldb.com/?ctiid.222320", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222320", "name" : "https://vuldb.com/?ctiid.222320", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222320", "name" : "https://vuldb.com/?id.222320", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222320", "name" : "https://vuldb.com/?id.222320", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inboundnow:landing-pages:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.8.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-06T00:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10091", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58", "name" : "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58", "name" : "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.222322", "name" : "https://vuldb.com/?ctiid.222322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222322", "name" : "https://vuldb.com/?ctiid.222322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222322", "name" : "https://vuldb.com/?id.222322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222322", "name" : "https://vuldb.com/?id.222322", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bywatersolutions:bywater-koha-xslt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-07-21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-06T04:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10092", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/qtranslate-slug/commit/74b3932696f9868e14563e51b7d0bb68c53bf5e4", "name" : "https://github.com/wp-plugins/qtranslate-slug/commit/74b3932696f9868e14563e51b7d0bb68c53bf5e4", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/qtranslate-slug/commit/74b3932696f9868e14563e51b7d0bb68c53bf5e4", "name" : "https://github.com/wp-plugins/qtranslate-slug/commit/74b3932696f9868e14563e51b7d0bb68c53bf5e4", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/qtranslate-slug/releases/tag/1.1.17", "name" : "https://github.com/wp-plugins/qtranslate-slug/releases/tag/1.1.17", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/qtranslate-slug/releases/tag/1.1.17", "name" : "https://github.com/wp-plugins/qtranslate-slug/releases/tag/1.1.17", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222324", "name" : "https://vuldb.com/?ctiid.222324", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222324", "name" : "https://vuldb.com/?ctiid.222324", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222324", "name" : "https://vuldb.com/?id.222324", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222324", "name" : "https://vuldb.com/?id.222324", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qtranslate_slug_project:qtranslate_slug:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-06T06:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10093", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "name" : "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "name" : "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "name" : "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "name" : "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222325", "name" : "https://vuldb.com/?ctiid.222325", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222325", "name" : "https://vuldb.com/?ctiid.222325", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222325", "name" : "https://vuldb.com/?id.222325", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222325", "name" : "https://vuldb.com/?id.222325", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-06T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10094", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656", "name" : "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656", "name" : "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/fastly/releases/tag/0.98", "name" : "https://github.com/wp-plugins/fastly/releases/tag/0.98", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/fastly/releases/tag/0.98", "name" : "https://github.com/wp-plugins/fastly/releases/tag/0.98", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222326", "name" : "https://vuldb.com/?ctiid.222326", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.222326", "name" : "https://vuldb.com/?ctiid.222326", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222326", "name" : "https://vuldb.com/?id.222326", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.222326", "name" : "https://vuldb.com/?id.222326", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fastly:fastly:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.98", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10095", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292", "name" : "https://github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292", "name" : "https://github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/woo-popup/releases/tag/1.3.0", "name" : "https://github.com/wp-plugins/woo-popup/releases/tag/1.3.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/woo-popup/releases/tag/1.3.0", "name" : "https://github.com/wp-plugins/woo-popup/releases/tag/1.3.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.222327", "name" : "https://vuldb.com/?ctiid.222327", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.222327", "name" : "https://vuldb.com/?ctiid.222327", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222327", "name" : "https://vuldb.com/?id.222327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.222327", "name" : "https://vuldb.com/?id.222327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The patch is named 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woo-popup_project:woo-popup:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-03-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10096", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3", "name" : "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3", "name" : "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1", "name" : "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1", "name" : "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.223383", "name" : "https://vuldb.com/?ctiid.223383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.223383", "name" : "https://vuldb.com/?ctiid.223383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.223383", "name" : "https://vuldb.com/?id.223383", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.223383", "name" : "https://vuldb.com/?id.223383", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irc_twitter_announcer_bot_project:irc_twitter_announcer_bot:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-20T05:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10097", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/grinnellplans/grinnellplans-php/commit/57e4409e19203a94495140ff1b5a697734d17cfb", "name" : "https://github.com/grinnellplans/grinnellplans-php/commit/57e4409e19203a94495140ff1b5a697734d17cfb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/grinnellplans/grinnellplans-php/commit/57e4409e19203a94495140ff1b5a697734d17cfb", "name" : "https://github.com/grinnellplans/grinnellplans-php/commit/57e4409e19203a94495140ff1b5a697734d17cfb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.223801", "name" : "https://vuldb.com/?ctiid.223801", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.223801", "name" : "https://vuldb.com/?ctiid.223801", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.223801", "name" : "https://vuldb.com/?id.223801", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.223801", "name" : "https://vuldb.com/?id.223801", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:grinnellplans:grinnellplans:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-25T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10098", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47", "name" : "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47", "name" : "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6", "name" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6", "name" : "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.225152", "name" : "https://vuldb.com/?ctiid.225152", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225152", "name" : "https://vuldb.com/?ctiid.225152", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225152", "name" : "https://vuldb.com/?id.225152", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225152", "name" : "https://vuldb.com/?id.225152", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmudev:broken_link_checker:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.10.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-08T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10099", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d", "name" : "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d", "name" : "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225351", "name" : "https://vuldb.com/?ctiid.225351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225351", "name" : "https://vuldb.com/?ctiid.225351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225351", "name" : "https://vuldb.com/?id.225351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225351", "name" : "https://vuldb.com/?id.225351", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:cp_appointment_calendar:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-10T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10100", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795", "name" : "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795", "name" : "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11", "name" : "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11", "name" : "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.225353", "name" : "https://vuldb.com/?ctiid.225353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225353", "name" : "https://vuldb.com/?ctiid.225353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225353", "name" : "https://vuldb.com/?id.225353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225353", "name" : "https://vuldb.com/?id.225353", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vivwebsolutions:dynamic_widgets:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-10T18:15Z", "lastModifiedDate" : "2024-11-27T20:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10101", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540", "name" : "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540", "name" : "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.226117", "name" : "https://vuldb.com/?ctiid.226117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.226117", "name" : "https://vuldb.com/?ctiid.226117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226117", "name" : "https://vuldb.com/?id.226117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226117", "name" : "https://vuldb.com/?id.226117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google_analytics_top_content_widget_project:google_analytics_top_content_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-15T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10102", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b", "name" : "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b", "name" : "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.226118", "name" : "https://vuldb.com/?ctiid.226118", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.226118", "name" : "https://vuldb.com/?ctiid.226118", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226118", "name" : "https://vuldb.com/?id.226118", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226118", "name" : "https://vuldb.com/?id.226118", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freshworks:freshdesk:1.7:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-17T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10103", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c", "name" : "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c", "name" : "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/InternalError503/forget-it/releases/tag/1.4", "name" : "https://github.com/InternalError503/forget-it/releases/tag/1.4", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/InternalError503/forget-it/releases/tag/1.4", "name" : "https://github.com/InternalError503/forget-it/releases/tag/1.4", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.226119", "name" : "https://vuldb.com/?ctiid.226119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.226119", "name" : "https://vuldb.com/?ctiid.226119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226119", "name" : "https://vuldb.com/?id.226119", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.226119", "name" : "https://vuldb.com/?id.226119", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The patch is named adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:forget_it_project:forget_it:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2023-04-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10104", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633", "name" : "https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633", "name" : "https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1", "name" : "https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1", "name" : "https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.227756", "name" : "https://vuldb.com/?ctiid.227756", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.227756", "name" : "https://vuldb.com/?ctiid.227756", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227756", "name" : "https://vuldb.com/?id.227756", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227756", "name" : "https://vuldb.com/?id.227756", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:icons_for_features:1.0.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-30T21:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10105", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312", "name" : "https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312", "name" : "https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/ip-blacklist-cloud/releases/tag/3.43", "name" : "https://github.com/wp-plugins/ip-blacklist-cloud/releases/tag/3.43", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/ip-blacklist-cloud/releases/tag/3.43", "name" : "https://github.com/wp-plugins/ip-blacklist-cloud/releases/tag/3.43", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.227757", "name" : "https://vuldb.com/?ctiid.227757", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.227757", "name" : "https://vuldb.com/?ctiid.227757", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227757", "name" : "https://vuldb.com/?id.227757", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227757", "name" : "https://vuldb.com/?id.227757", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ip-finder:ip_blacklist_cloud:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.42", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-01T02:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10106", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf", "name" : "https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf", "name" : "https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security", "name" : "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security", "name" : "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://typo3.org/article/typo3-ext-sa-2015-021", "name" : "https://typo3.org/article/typo3-ext-sa-2015-021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://typo3.org/article/typo3-ext-sa-2015-021", "name" : "https://typo3.org/article/typo3-ext-sa-2015-021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230086", "name" : "https://vuldb.com/?ctiid.230086", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.230086", "name" : "https://vuldb.com/?ctiid.230086", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230086", "name" : "https://vuldb.com/?id.230086", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230086", "name" : "https://vuldb.com/?id.230086", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mh_httpbl_project:mh_httpbl:*:*:*:*:*:typo3:*:*", "versionEndExcluding" : "1.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10107", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e", "name" : "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e", "name" : "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230153", "name" : "https://vuldb.com/?ctiid.230153", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.230153", "name" : "https://vuldb.com/?ctiid.230153", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230153", "name" : "https://vuldb.com/?id.230153", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230153", "name" : "https://vuldb.com/?id.230153", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simplr_registration_form_plus\\+_project:simplr_registration_form_plus\\+:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-05-31T03:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10108", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747", "name" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747", "name" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1", "name" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1", "name" : "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.230234", "name" : "https://vuldb.com/?ctiid.230234", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230234", "name" : "https://vuldb.com/?ctiid.230234", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230234", "name" : "https://vuldb.com/?id.230234", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230234", "name" : "https://vuldb.com/?id.230234", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inline_google_spreadsheet_viewer_project:inline_google_spreadsheet_viewer:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.9.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-31T19:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10109", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e", "name" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e", "name" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137", "name" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137", "name" : "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.230264", "name" : "https://vuldb.com/?ctiid.230264", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230264", "name" : "https://vuldb.com/?ctiid.230264", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230264", "name" : "https://vuldb.com/?id.230264", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230264", "name" : "https://vuldb.com/?id.230264", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cincopa:video_and_media_plug-in:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.137", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-06-01T13:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10110", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979", "name" : "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979", "name" : "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230392", "name" : "https://vuldb.com/?ctiid.230392", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230392", "name" : "https://vuldb.com/?ctiid.230392", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230392", "name" : "https://vuldb.com/?id.230392", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230392", "name" : "https://vuldb.com/?id.230392", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tinychat:room_spy:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-02T00:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10111", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/watu/commit/bf42e7cfd819a3e76cf3e1465697e89f4830590c", "name" : "https://github.com/wp-plugins/watu/commit/bf42e7cfd819a3e76cf3e1465697e89f4830590c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/watu/commit/bf42e7cfd819a3e76cf3e1465697e89f4830590c", "name" : "https://github.com/wp-plugins/watu/commit/bf42e7cfd819a3e76cf3e1465697e89f4830590c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230651", "name" : "https://vuldb.com/?ctiid.230651", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230651", "name" : "https://vuldb.com/?ctiid.230651", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230651", "name" : "https://vuldb.com/?id.230651", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230651", "name" : "https://vuldb.com/?id.230651", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The patch is named bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-06-04T12:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10112", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78", "name" : "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78", "name" : "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230652", "name" : "https://vuldb.com/?ctiid.230652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230652", "name" : "https://vuldb.com/?ctiid.230652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230652", "name" : "https://vuldb.com/?id.230652", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230652", "name" : "https://vuldb.com/?id.230652", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:wooframework_branding:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-05T08:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10113", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wooframework-tweaks/commit/3b57d405149c1a59d1119da6e0bb8212732c9c88", "name" : "https://github.com/wp-plugins/wooframework-tweaks/commit/3b57d405149c1a59d1119da6e0bb8212732c9c88", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wooframework-tweaks/commit/3b57d405149c1a59d1119da6e0bb8212732c9c88", "name" : "https://github.com/wp-plugins/wooframework-tweaks/commit/3b57d405149c1a59d1119da6e0bb8212732c9c88", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230653", "name" : "https://vuldb.com/?ctiid.230653", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.230653", "name" : "https://vuldb.com/?ctiid.230653", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230653", "name" : "https://vuldb.com/?id.230653", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230653", "name" : "https://vuldb.com/?id.230653", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:wooframework_tweaks:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-05T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10114", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601", "name" : "https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601", "name" : "https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230654", "name" : "https://vuldb.com/?ctiid.230654", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.230654", "name" : "https://vuldb.com/?ctiid.230654", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230654", "name" : "https://vuldb.com/?id.230654", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.230654", "name" : "https://vuldb.com/?id.230654", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:woosidebars:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-05T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10115", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a", "name" : "https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a", "name" : "https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230655", "name" : "https://vuldb.com/?ctiid.230655", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230655", "name" : "https://vuldb.com/?ctiid.230655", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230655", "name" : "https://vuldb.com/?id.230655", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230655", "name" : "https://vuldb.com/?id.230655", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:sidebar_manager_to_woosidebars_converter:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10116", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7", "name" : "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7", "name" : "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230661", "name" : "https://vuldb.com/?ctiid.230661", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.230661", "name" : "https://vuldb.com/?ctiid.230661", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230661", "name" : "https://vuldb.com/?id.230661", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230661", "name" : "https://vuldb.com/?id.230661", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realfavicongenerator:favicon_by_realfavicongenerator:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-06-06T01:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10117", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6", "name" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6", "name" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3", "name" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3", "name" : "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.230664", "name" : "https://vuldb.com/?ctiid.230664", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.230664", "name" : "https://vuldb.com/?ctiid.230664", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230664", "name" : "https://vuldb.com/?id.230664", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.230664", "name" : "https://vuldb.com/?id.230664", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webaware:gf_windcave_free:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-06T02:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10118", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5", "name" : "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5", "name" : "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.231202", "name" : "https://vuldb.com/?ctiid.231202", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.231202", "name" : "https://vuldb.com/?ctiid.231202", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.231202", "name" : "https://vuldb.com/?id.231202", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.231202", "name" : "https://vuldb.com/?id.231202", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-copyprotect_project:wp-copyprotect:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-06-12T07:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10119", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/view-all-posts-pages/commit/bf914f3a59063fa4df8fd4925ae18a5d852396d7", "name" : "https://github.com/wp-plugins/view-all-posts-pages/commit/bf914f3a59063fa4df8fd4925ae18a5d852396d7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/view-all-posts-pages/commit/bf914f3a59063fa4df8fd4925ae18a5d852396d7", "name" : "https://github.com/wp-plugins/view-all-posts-pages/commit/bf914f3a59063fa4df8fd4925ae18a5d852396d7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.233363", "name" : "https://vuldb.com/?ctiid.233363", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.233363", "name" : "https://vuldb.com/?ctiid.233363", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.233363", "name" : "https://vuldb.com/?id.233363", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.233363", "name" : "https://vuldb.com/?id.233363", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is named bf914f3a59063fa4df8fd4925ae18a5d852396d7. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-233363." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oomphinc:view_all_post\\'s_pages:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-07-10T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1012", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pfizer:lifecare_pca_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pfizer:lifecare_pca_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T19:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10120", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wds-multisite-aggregate/commit/49e0bbcb6ff70e561365d9e0d26426598f63ca12", "name" : "https://github.com/wp-plugins/wds-multisite-aggregate/commit/49e0bbcb6ff70e561365d9e0d26426598f63ca12", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wds-multisite-aggregate/commit/49e0bbcb6ff70e561365d9e0d26426598f63ca12", "name" : "https://github.com/wp-plugins/wds-multisite-aggregate/commit/49e0bbcb6ff70e561365d9e0d26426598f63ca12", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.233364", "name" : "https://vuldb.com/?ctiid.233364", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.233364", "name" : "https://vuldb.com/?ctiid.233364", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.233364", "name" : "https://vuldb.com/?id.233364", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.233364", "name" : "https://vuldb.com/?id.233364", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 49e0bbcb6ff70e561365d9e0d26426598f63ca12. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-233364." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webdevstudios:wds_multisite_aggregate:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-07-10T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10121", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/beeliked-microsite/commit/d23bafb5d05fb2636a2b78331f9d3fca152903dc", "name" : "https://github.com/wp-plugins/beeliked-microsite/commit/d23bafb5d05fb2636a2b78331f9d3fca152903dc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/beeliked-microsite/commit/d23bafb5d05fb2636a2b78331f9d3fca152903dc", "name" : "https://github.com/wp-plugins/beeliked-microsite/commit/d23bafb5d05fb2636a2b78331f9d3fca152903dc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.233365", "name" : "https://vuldb.com/?ctiid.233365", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.233365", "name" : "https://vuldb.com/?ctiid.233365", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.233365", "name" : "https://vuldb.com/?id.233365", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.233365", "name" : "https://vuldb.com/?id.233365", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function embed_handler of the file beelikedmicrosite.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is d23bafb5d05fb2636a2b78331f9d3fca152903dc. It is recommended to upgrade the affected component. The identifier VDB-233365 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:beeliked:beeliked:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-07-10T16:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10122", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-donate/commit/019114cb788d954c5d1b36d6c62418619e93a757", "name" : "https://github.com/wp-plugins/wp-donate/commit/019114cb788d954c5d1b36d6c62418619e93a757", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wp-donate/commit/019114cb788d954c5d1b36d6c62418619e93a757", "name" : "https://github.com/wp-plugins/wp-donate/commit/019114cb788d954c5d1b36d6c62418619e93a757", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.234249", "name" : "https://vuldb.com/?ctiid.234249", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.234249", "name" : "https://vuldb.com/?ctiid.234249", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.234249", "name" : "https://vuldb.com/?id.234249", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.234249", "name" : "https://vuldb.com/?id.234249", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp_donate_project:wp_donate:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-07-18T05:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10123", "ASSIGNER" : "info@cert.vde.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.vde.com/en/advisories/VDE-2023-039/", "name" : "https://cert.vde.com/en/advisories/VDE-2023-039/", "refsource" : "", "tags" : [ ] }, { "url" : "https://cert.vde.com/en/advisories/VDE-2023-039/", "name" : "https://cert.vde.com/en/advisories/VDE-2023-039/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-13T09:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10124", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1", "name" : "https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1", "name" : "https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.241026", "name" : "https://vuldb.com/?ctiid.241026", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.241026", "name" : "https://vuldb.com/?ctiid.241026", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241026", "name" : "https://vuldb.com/?id.241026", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241026", "name" : "https://vuldb.com/?id.241026", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smartfan:most_popular_posts_widget:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-10-02T14:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10125", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e", "name" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e", "name" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3", "name" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3", "name" : "https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.241317", "name" : "https://vuldb.com/?ctiid.241317", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.241317", "name" : "https://vuldb.com/?ctiid.241317", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241317", "name" : "https://vuldb.com/?id.241317", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241317", "name" : "https://vuldb.com/?id.241317", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-10-05T23:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10126", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908", "name" : "https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908", "name" : "https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.241318", "name" : "https://vuldb.com/?ctiid.241318", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.241318", "name" : "https://vuldb.com/?ctiid.241318", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241318", "name" : "https://vuldb.com/?id.241318", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.241318", "name" : "https://vuldb.com/?id.241318", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:steven_ellis:easy2map_photos:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-10-06T08:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10127", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd", "name" : "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd", "name" : "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.248954", "name" : "https://vuldb.com/?ctiid.248954", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.248954", "name" : "https://vuldb.com/?ctiid.248954", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248954", "name" : "https://vuldb.com/?id.248954", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248954", "name" : "https://vuldb.com/?id.248954", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:pluscaptcha:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-12-26T17:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10128", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7", "name" : "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7", "name" : "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.249422", "name" : "https://vuldb.com/?ctiid.249422", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249422", "name" : "https://vuldb.com/?ctiid.249422", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249422", "name" : "https://vuldb.com/?id.249422", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249422", "name" : "https://vuldb.com/?id.249422", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royaltechbd:royal_prettyphoto:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-02T14:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10129", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d", "name" : "https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d", "name" : "https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.252716", "name" : "https://vuldb.com/?ctiid.252716", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252716", "name" : "https://vuldb.com/?ctiid.252716", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252716", "name" : "https://vuldb.com/?id.252716", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252716", "name" : "https://vuldb.com/?id.252716", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samwilson:planet-freo:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20150116", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-04T05:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10130", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:i13websolution:team_circle_image_slider_with_lightbox:1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T03:15Z", "lastModifiedDate" : "2025-03-21T11:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10131", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/tfo-graphviz/commit/594c953a345f79e26003772093b0caafc14b92c2", "name" : "https://github.com/wp-plugins/tfo-graphviz/commit/594c953a345f79e26003772093b0caafc14b92c2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/tfo-graphviz/commit/594c953a345f79e26003772093b0caafc14b92c2", "name" : "https://github.com/wp-plugins/tfo-graphviz/commit/594c953a345f79e26003772093b0caafc14b92c2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/tfo-graphviz/releases/tag/1.10", "name" : "https://github.com/wp-plugins/tfo-graphviz/releases/tag/1.10", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/tfo-graphviz/releases/tag/1.10", "name" : "https://github.com/wp-plugins/tfo-graphviz/releases/tag/1.10", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.258620", "name" : "VDB-258620 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.258620", "name" : "VDB-258620 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.258620", "name" : "VDB-258620 | chrisy TFO Graphviz Plugin tfo-graphviz-admin.php admin_page cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.258620", "name" : "VDB-258620 | chrisy TFO Graphviz Plugin tfo-graphviz-admin.php admin_page cross site scripting", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-31T06:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10132", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69", "name" : "https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69", "name" : "https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6", "name" : "https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6", "name" : "https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.261676", "name" : "VDB-261676 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.261676", "name" : "VDB-261676 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.261676", "name" : "VDB-261676 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.261676", "name" : "VDB-261676 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-21T20:15Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10133", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-98" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/", "name" : "https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/", "refsource" : "", "tags" : [ ] }, { "url" : "https://packetstormsecurity.com/files/132694/", "name" : "https://packetstormsecurity.com/files/132694/", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jul/71", "name" : "https://seclists.org/fulldisclosure/2015/Jul/71", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2025-07-19T10:15Z", "lastModifiedDate" : "2025-07-19T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10134", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/131919/", "name" : "https://packetstormsecurity.com/files/131919/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2025-07-19T10:15Z", "lastModifiedDate" : "2025-07-19T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10135", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://g0blin.co.uk/g0blin-00036/", "name" : "https://g0blin.co.uk/g0blin-00036/", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb", "name" : "https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1103406", "name" : "https://plugins.trac.wordpress.org/changeset/1103406", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/wpshop/#developers", "name" : "https://wordpress.org/plugins/wpshop/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/32e8224d-a653-48d7-a3f4-338fc0c1dc77?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/32e8224d-a653-48d7-a3f4-338fc0c1dc77?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2025-07-19T10:15Z", "lastModifiedDate" : "2025-07-19T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10136", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://wordpressa.quantika14.com/repository/index.php?id=24", "name" : "http://wordpressa.quantika14.com/repository/index.php?id=24", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb", "name" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1132677", "name" : "https://plugins.trac.wordpress.org/changeset/1132677", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/gi-media-library/#developers", "name" : "https://wordpress.org/plugins/gi-media-library/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://wpscan.com/vulnerability/7754", "name" : "https://wpscan.com/vulnerability/7754", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/", "name" : "https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2025-07-19T10:15Z", "lastModifiedDate" : "2025-07-19T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10138", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/131294/", "name" : "https://packetstormsecurity.com/files/131294/", "refsource" : "", "tags" : [ ] }, { "url" : "https://packetstormsecurity.com/files/131512/", "name" : "https://packetstormsecurity.com/files/131512/", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1127456%40work-the-flow-file-upload&new=1127456%40work-the-flow-file-upload&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1127456%40work-the-flow-file-upload&new=1127456%40work-the-flow-file-upload&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1127457%40work-the-flow-file-upload&new=1127457%40work-the-flow-file-upload&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1127457%40work-the-flow-file-upload&new=1127457%40work-the-flow-file-upload&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://wpscan.com/vulnerability/a49a81a9-3d4b-4c8d-b719-fc513aceecc6", "name" : "https://wpscan.com/vulnerability/a49a81a9-3d4b-4c8d-b719-fc513aceecc6", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-work-the-flow-file-upload-arbitrary-file-upload-2-5-2/", "name" : "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-work-the-flow-file-upload-arbitrary-file-upload-2-5-2/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/", "name" : "https://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_worktheflow_upload/", "name" : "https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_worktheflow_upload/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb271cc8-01ec-45eb-9d6f-efc55c7c3923?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb271cc8-01ec-45eb-9d6f-efc55c7c3923?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2025-07-19T12:15Z", "lastModifiedDate" : "2025-07-19T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-10139", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/130291/", "name" : "https://packetstormsecurity.com/files/130291/", "refsource" : "", "tags" : [ ] }, { "url" : "https://themeforest.net/item/wplms-learning-management-system/6780226", "name" : "https://themeforest.net/item/wplms-learning-management-system/6780226", "refsource" : "", "tags" : [ ] }, { "url" : "https://twitter.com/_wpscan_/status/564874637679820800?lang=ca", "name" : "https://twitter.com/_wpscan_/status/564874637679820800?lang=ca", "refsource" : "", "tags" : [ ] }, { "url" : "https://wpscan.com/vulnerability/7785", "name" : "https://wpscan.com/vulnerability/7785", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/wp_wplms_privilege_escalation/", "name" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/wp_wplms_privilege_escalation/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2025-07-19T12:15Z", "lastModifiedDate" : "2025-07-19T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1014", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-427" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:schneider-electric:opc_factory_server:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:citectscada:7.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:citectscada:7.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:citectscada:7.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:scada_expert_vijeo_citect:7.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:scada_expert_vijeo_citect:7.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:schneider-electric:scada_expert_vijeo_citect:7.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.3, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-25T19:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1045", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1046", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1142857", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2015/q4/425", "name" : "[oss-security] 20151203 CVE request -- Ethernet flow control vulnerability in SRIOV devices", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q4/425", "name" : "[oss-security] 20151203 CVE request -- Ethernet flow control vulnerability in SRIOV devices", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr", "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr", "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf", "name" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf", "name" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intel:x710_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intel:x710:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intel:82599_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intel:82599:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intel:x540_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intel:x540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intel:i350_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intel:i350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intel:82576_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intel:82576:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel_ixgbe:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel_i40e\\/i40evf:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dpdk:dpdk:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T14:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1160", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1202", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1203", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-24T22:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1208", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3ebd76a9c57558e284e94da367dd23b435e6a6d0", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3ebd76a9c57558e284e94da367dd23b435e6a6d0", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3ebd76a9c57558e284e94da367dd23b435e6a6d0", "name" : "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3ebd76a9c57558e284e94da367dd23b435e6a6d0", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444546", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444546", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444546", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444546", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog", "name" : "https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog", "name" : "https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-09T16:29Z", "lastModifiedDate" : "2024-11-21T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1290", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "name" : "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "refsource" : "", "tags" : [ ] }, { "url" : "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "name" : "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "refsource" : "", "tags" : [ ] }, { "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html", "name" : "openSUSE-SU-2015:2368", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html", "name" : "openSUSE-SU-2015:2368", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80", "name" : "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80", "name" : "http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "refsource" : "", "tags" : [ ] }, { "url" : "https://codereview.chromium.org/1233453004", "name" : "https://codereview.chromium.org/1233453004", "refsource" : "", "tags" : [ ] }, { "url" : "https://codereview.chromium.org/1233453004", "name" : "https://codereview.chromium.org/1233453004", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "44.0.2403.89", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.5.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-09T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1313", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-425" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://beyondbinary.io/articles/teamcity-account-creation/", "name" : "https://beyondbinary.io/articles/teamcity-account-creation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://beyondbinary.io/articles/teamcity-account-creation/", "name" : "https://beyondbinary.io/articles/teamcity-account-creation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.jetbrains.com/teamcity/download/", "name" : "https://www.jetbrains.com/teamcity/download/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.jetbrains.com/teamcity/download/", "name" : "https://www.jetbrains.com/teamcity/download/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "9.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 } }, "publishedDate" : "2023-06-29T15:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1316", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-320" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119", "name" : "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119", "name" : "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1320", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/maas/+milestone/1.9.2", "name" : "https://launchpad.net/maas/+milestone/1.9.2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1326", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093", "name" : "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093", "name" : "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python-dbusmock_project:python-dbusmock:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.15.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1327", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212", "name" : "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212", "name" : "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1340", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4", "name" : "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4", "name" : "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linuxcontainers:lxd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1341", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/apport/trunk/2.19.2", "name" : "https://launchpad.net/apport/trunk/2.19.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://launchpad.net/apport/trunk/2.19.2", "name" : "https://launchpad.net/apport/trunk/2.19.2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/2782-1/", "name" : "https://usn.ubuntu.com/2782-1/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/2782-1/", "name" : "https://usn.ubuntu.com/2782-1/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1343", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076", "name" : "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076", "name" : "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "All versions of unity-scope-gdrive logs search terms to syslog." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-22T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1353", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it cannot be considered a security issue in the originally named product because of that product's specification. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-03-30T10:59Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1387", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1454. Reason: This candidate is a reservation duplicate of CVE-2015-1454. Notes: All CVE users should reference CVE-2015-1454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-17T17:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-09-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1391", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-09-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1073334/", "name" : "https://plugins.trac.wordpress.org/changeset/1073334/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1073334/", "name" : "https://plugins.trac.wordpress.org/changeset/1073334/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery", "name" : "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery", "name" : "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Jan/140", "name" : "https://seclists.org/bugtraq/2015/Jan/140", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Jan/140", "name" : "https://seclists.org/bugtraq/2015/Jan/140", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/photo-gallery/changelog/", "name" : "https://wordpress.org/plugins/photo-gallery/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/photo-gallery/changelog/", "name" : "https://wordpress.org/plugins/photo-gallery/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-08T17:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1396", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "name" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "name" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "name" : "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/29", "name" : "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/75358", "name" : "http://www.securityfocus.com/bid/75358", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75358", "name" : "http://www.securityfocus.com/bid/75358", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75358", "name" : "75358", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75358", "name" : "75358", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2651-1", "name" : "http://www.ubuntu.com/usn/USN-2651-1", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.ubuntu.com/usn/USN-2651-1", "name" : "http://www.ubuntu.com/usn/USN-2651-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186764", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186764", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186764", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186764", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.7.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-25T16:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1416", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/07/30/9", "name" : "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/30/9", "name" : "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/01/4", "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/01/4", "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/1", "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/1", "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/6", "name" : "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/6", "name" : "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/76116", "name" : "76116", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76116", "name" : "76116", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033110", "name" : "1033110", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033110", "name" : "1033110", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc", "name" : "FreeBSD-SA-15:14", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc", "name" : "FreeBSD-SA-15:14", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1418", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/", "name" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/", "refsource" : "", "tags" : [ ] }, { "url" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/", "name" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/76236", "name" : "76236", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76236", "name" : "76236", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033188", "name" : "1033188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033188", "name" : "1033188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/894667", "name" : "https://bugs.debian.org/894667", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.debian.org/894667", "name" : "https://bugs.debian.org/894667", "refsource" : "", "tags" : [ ] }, { "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig", "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig", "refsource" : "", "tags" : [ ] }, { "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig", "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc", "name" : "FreeBSD-SA-15:18", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc", "name" : "FreeBSD-SA-15:18", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1425", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/72085", "name" : "http://www.securityfocus.com/bid/72085", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72085", "name" : "http://www.securityfocus.com/bid/72085", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jakweb:gecko_cms:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jakweb:gecko_cms:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T13:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1503", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", "name" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", "name" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44587/", "name" : "44587", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44587/", "name" : "44587", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-08T20:29Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1525", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21/", "name" : "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21/", "refsource" : "", "tags" : [ ] }, { "url" : "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21/", "name" : "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1530", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E%21/", "name" : "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E%21/", "refsource" : "", "tags" : [ ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E%21/", "name" : "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E%21/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1583", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130598/ATutor-LCMS-2.2-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/130598/ATutor-LCMS-2.2-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130598/ATutor-LCMS-2.2-Cross-Site-Request-Forgery.html", "name" : "http://packetstormsecurity.com/files/130598/ATutor-LCMS-2.2-Cross-Site-Request-Forgery.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72845", "name" : "72845", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72845", "name" : "72845", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://edricteo.com/cve-2015-1583-atutor-lcms-csrf-vulnerability/", "name" : "https://edricteo.com/cve-2015-1583-atutor-lcms-csrf-vulnerability/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://edricteo.com/cve-2015-1583-atutor-lcms-csrf-vulnerability/", "name" : "https://edricteo.com/cve-2015-1583-atutor-lcms-csrf-vulnerability/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/068b8aa37f24645c62235018fb8da340f60e2d18", "name" : "https://github.com/atutor/ATutor/commit/068b8aa37f24645c62235018fb8da340f60e2d18", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/068b8aa37f24645c62235018fb8da340f60e2d18", "name" : "https://github.com/atutor/ATutor/commit/068b8aa37f24645c62235018fb8da340f60e2d18", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/0ee827317e497f1db86ddc5080b8af461e4595ce", "name" : "https://github.com/atutor/ATutor/commit/0ee827317e497f1db86ddc5080b8af461e4595ce", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/0ee827317e497f1db86ddc5080b8af461e4595ce", "name" : "https://github.com/atutor/ATutor/commit/0ee827317e497f1db86ddc5080b8af461e4595ce", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/af519cfb56da7312eecbb5812484fcbce08e4419", "name" : "https://github.com/atutor/ATutor/commit/af519cfb56da7312eecbb5812484fcbce08e4419", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/atutor/ATutor/commit/af519cfb56da7312eecbb5812484fcbce08e4419", "name" : "https://github.com/atutor/ATutor/commit/af519cfb56da7312eecbb5812484fcbce08e4419", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atutor:atutor:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-03-02T16:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1606", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3184", "name" : "http://www.debian.org/security/2015/dsa-3184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "name" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "name" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "name" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "name" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1031876", "name" : "http://www.securitytracker.com/id/1031876", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1031876", "name" : "http://www.securitytracker.com/id/1031876", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "name" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "name" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-20T19:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1607", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392", "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392", "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "name" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "name" : "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "name" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "name" : "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72610", "name" : "http://www.securityfocus.com/bid/72610", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72610", "name" : "http://www.securityfocus.com/bid/72610", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/usn-2554-1/", "name" : "http://www.ubuntu.com/usn/usn-2554-1/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/usn-2554-1/", "name" : "http://www.ubuntu.com/usn/usn-2554-1/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "name" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "name" : "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1.0", "versionEndExcluding" : "2.1.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.0.27", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.19", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-20T19:15Z", "lastModifiedDate" : "2024-11-21T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1654", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1655", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1656", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1663", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1664", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1669", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1690", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1693", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1707", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1734", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1746", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1749", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1777", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/7", "name" : "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/7", "name" : "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/72943", "name" : "72943", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72943", "name" : "72943", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rhn-client-tools:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-12T15:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1780", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2015-1780", "name" : "https://access.redhat.com/security/cve/cve-2015-1780", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2015-1780", "name" : "https://access.redhat.com/security/cve/cve-2015-1780", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ovirt-engine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T15:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1784", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "name" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "name" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "name" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "name" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.77.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1785", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "name" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "name" : "https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "name" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "name" : "https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.77.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-07-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1797", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-06-09T10:59Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1809", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2015-02-27/", "name" : "https://jenkins.io/security/advisory/2015-02-27/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2015-02-27/", "name" : "https://jenkins.io/security/advisory/2015-02-27/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*", "versionEndExcluding" : "1.596.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:*", "versionEndExcluding" : "1.600", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T19:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1811", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2015-02-27/", "name" : "https://jenkins.io/security/advisory/2015-02-27/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2015-02-27/", "name" : "https://jenkins.io/security/advisory/2015-02-27/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*", "versionEndExcluding" : "1.596.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:*", "versionEndExcluding" : "1.600", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T19:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1823", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1824", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1825", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1826", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1837", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1850", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-15T15:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1853", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://chrony.tuxfamily.org/News.html", "name" : "http://chrony.tuxfamily.org/News.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://chrony.tuxfamily.org/News.html", "name" : "http://chrony.tuxfamily.org/News.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201507-01", "name" : "https://security.gentoo.org/glsa/201507-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201507-01", "name" : "https://security.gentoo.org/glsa/201507-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1855", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3245", "name" : "http://www.debian.org/security/2015/dsa-3245", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3245", "name" : "http://www.debian.org/security/2015/dsa-3245", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3246", "name" : "http://www.debian.org/security/2015/dsa-3246", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3246", "name" : "http://www.debian.org/security/2015/dsa-3246", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3247", "name" : "http://www.debian.org/security/2015/dsa-3247", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3247", "name" : "http://www.debian.org/security/2015/dsa-3247", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.ruby-lang.org/issues/9644", "name" : "https://bugs.ruby-lang.org/issues/9644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.ruby-lang.org/issues/9644", "name" : "https://bugs.ruby-lang.org/issues/9644", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://puppetlabs.com/security/cve/cve-2015-1855", "name" : "https://puppetlabs.com/security/cve/cve-2015-1855", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://puppetlabs.com/security/cve/cve-2015-1855", "name" : "https://puppetlabs.com/security/cve/cve-2015-1855", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", "name" : "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", "name" : "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*", "versionEndExcluding" : "50292", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1.0", "versionEndExcluding" : "2.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.0", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.8.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-29T21:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1857", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cloudrouter.org/security/", "name" : "https://cloudrouter.org/security/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://cloudrouter.org/security/", "name" : "https://cloudrouter.org/security/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://git.opendaylight.org/gerrit/#/c/17709/", "name" : "https://git.opendaylight.org/gerrit/#/c/17709/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://git.opendaylight.org/gerrit/#/c/17709/", "name" : "https://git.opendaylight.org/gerrit/#/c/17709/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.opendaylight.org/view/Security_Advisories", "name" : "https://wiki.opendaylight.org/view/Security_Advisories", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.opendaylight.org/view/Security_Advisories", "name" : "https://wiki.opendaylight.org/view/Security_Advisories", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linuxfoundation:opendaylight:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T16:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1861", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-21T18:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1862", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", "name" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", "name" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", "name" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", "name" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", "name" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", "name" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Apr/34", "name" : "20150414 Problems in automatic crash analysis frameworks", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Apr/34", "name" : "20150414 Problems in automatic crash analysis frameworks", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/14/4", "name" : "[oss-security] 20150414 Problems in automatic crash analysis frameworks", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/14/4", "name" : "[oss-security] 20150414 Problems in automatic crash analysis frameworks", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/74263", "name" : "74263", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74263", "name" : "74263", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/pull/810", "name" : "https://github.com/abrt/abrt/pull/810", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/pull/810", "name" : "https://github.com/abrt/abrt/pull/810", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/36746/", "name" : "36746", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36746/", "name" : "36746", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36747/", "name" : "36747", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/36747/", "name" : "36747", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:abrt_project:abrt:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T22:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1869", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "name" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "name" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", "name" : "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", "name" : "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", "name" : "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", "name" : "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1871", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1877", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3165", "name" : "http://www.debian.org/security/2015/dsa-3165", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3165", "name" : "http://www.debian.org/security/2015/dsa-3165", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/7", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/7", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/7", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/7", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/9", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/9", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/9", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/9", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72675", "name" : "http://www.securityfocus.com/bid/72675", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72675", "name" : "http://www.securityfocus.com/bid/72675", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=89129", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=89129", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=89129", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=89129", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freedesktop:xdg-utils:1.1.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-06-02T17:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1931", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-312" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1486.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1486.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1486.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1486.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1544.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1544.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1544.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1544.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1604.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1604.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1604.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1604.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75985", "name" : "http://www.securityfocus.com/bid/75985", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/75985", "name" : "http://www.securityfocus.com/bid/75985", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.1.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "7.1.0.0", "versionEndExcluding" : "7.1.3.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "7.0.0.0", "versionEndExcluding" : "7.0.9.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "6.1.0.0", "versionEndExcluding" : "6.1.8.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "6.0.0.0", "versionEndExcluding" : "6.0.16.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", "versionStartIncluding" : "5.0.0.0", "versionEndExcluding" : "5.0.16.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2022-09-29T03:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1952", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883124", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883124", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883124", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883124", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103416", "name" : "ibm-appscan-cve20151952-xss(103416)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103416", "name" : "ibm-appscan-cve20151952-xss(103416)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:9.0.0.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:9.0.1.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:9.0.2.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:8.5.0.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:8.6.0.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:8.7.0.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_appscan:8.8.0.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-16T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1957", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", "name" : "ibm-mq-cve20151957-info-disc(103482)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482", "name" : "ibm-mq-cve20151957-info-disc(103482)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "8.0.0.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.5", "versionEndExcluding" : "7.5.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1975", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103717", "name" : "103717", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103717", "name" : "103717", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694", "name" : "ibm-sds-cve20151975-arg-injection(103694)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694", "name" : "ibm-sds-cve20151975-arg-injection(103694)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T22:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1990", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-1991", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2000", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015001", "name" : "https://alephsecurity.com/vulns/aleph-2015001", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015001", "name" : "https://alephsecurity.com/vulns/aleph-2015001", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jumio:jumio_sdk:*:*:*:*:*:android:*:*", "versionEndExcluding" : "1.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rust-lang/rust/issues/25842", "name" : "https://github.com/rust-lang/rust/issues/25842", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rust-lang/rust/issues/25842", "name" : "https://github.com/rust-lang/rust/issues/25842", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rust-lang/rust/pull/25856", "name" : "https://github.com/rust-lang/rust/pull/25856", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rust-lang/rust/pull/25856", "name" : "https://github.com/rust-lang/rust/pull/25856", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-04-11T20:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20002", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2001", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015002", "name" : "https://alephsecurity.com/vulns/aleph-2015002", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015002", "name" : "https://alephsecurity.com/vulns/aleph-2015002", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:metaio:metaio_sdk:*:*:*:*:*:android:*:*", "versionEndExcluding" : "6.0.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20019", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post", "name" : "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post", "name" : "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Dec/124", "name" : "https://seclists.org/bugtraq/2015/Dec/124", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Dec/124", "name" : "https://seclists.org/bugtraq/2015/Dec/124", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86", "name" : "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86", "name" : "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:content_text_slider_on_post_project:content_text_slider_on_post:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-11-01T09:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2002", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015003", "name" : "https://alephsecurity.com/vulns/aleph-2015003", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015003", "name" : "https://alephsecurity.com/vulns/aleph-2015003", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esri:arcgisruntime_sdk:*:*:*:*:*:android:*:*", "versionEndExcluding" : "10.2.6-2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2003", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015004", "name" : "https://alephsecurity.com/vulns/aleph-2015004", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015004", "name" : "https://alephsecurity.com/vulns/aleph-2015004", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pjsip:pjsua2_sdk:*:*:*:*:*:android:*:*", "versionEndExcluding" : "51322", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2004", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015005", "name" : "https://alephsecurity.com/vulns/aleph-2015005", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015005", "name" : "https://alephsecurity.com/vulns/aleph-2015005", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gracenote:gnsdk:*:*:*:*:*:android:*:*", "versionEndExcluding" : "1.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20067", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb", "name" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb", "name" : "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jul/73", "name" : "https://seclists.org/fulldisclosure/2015/Jul/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jul/73", "name" : "https://seclists.org/fulldisclosure/2015/Jul/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a", "name" : "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a", "name" : "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-11-01T09:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2009", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.2.0", "versionEndExcluding" : "7.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2010", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0010. Reason: This candidate is a duplicate of CVE-2015-0010. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-0010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-02-20T17:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20105", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/131814/", "name" : "https://packetstormsecurity.com/files/131814/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/131814/", "name" : "https://packetstormsecurity.com/files/131814/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/bugtraq/2015/May/45", "name" : "https://seclists.org/bugtraq/2015/May/45", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/May/45", "name" : "https://seclists.org/bugtraq/2015/May/45", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0", "name" : "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0", "name" : "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cbads:clickbank_affiliate_ads:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.6, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 2.8, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-12-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20106", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1", "name" : "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1", "name" : "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cbads:clickbank_affiliate_ads:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-12-02T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20107", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.python.org/issue24778", "name" : "https://bugs.python.org/issue24778", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.python.org/issue24778", "name" : "https://bugs.python.org/issue24778", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/python/cpython/issues/68966", "name" : "https://github.com/python/cpython/issues/68966", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/python/cpython/issues/68966", "name" : "https://github.com/python/cpython/issues/68966", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "name" : "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "name" : "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "name" : "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "name" : "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/", "name" : "FEDORA-2022-4b0dfda810", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/", "name" : "FEDORA-2022-4b0dfda810", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/", "name" : "FEDORA-2022-b499f2a9c6", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/", "name" : "FEDORA-2022-b499f2a9c6", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/", "name" : "FEDORA-2022-d157a91e10", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/", "name" : "FEDORA-2022-d157a91e10", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/", "name" : "FEDORA-2022-dbe9a8f9ac", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/", "name" : "FEDORA-2022-dbe9a8f9ac", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/", "name" : "FEDORA-2022-20e87fb0d1", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/", "name" : "FEDORA-2022-20e87fb0d1", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/", "name" : "FEDORA-2022-9cd41b6709", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/", "name" : "FEDORA-2022-9cd41b6709", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/", "name" : "FEDORA-2022-cece1d07d9", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/", "name" : "FEDORA-2022-cece1d07d9", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/", "name" : "FEDORA-2022-ec74ac4079", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/", "name" : "FEDORA-2022-ec74ac4079", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/", "name" : "FEDORA-2022-5ad25e3d3c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/", "name" : "FEDORA-2022-5ad25e3d3c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/", "name" : "FEDORA-2022-2e1d1205cf", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/", "name" : "FEDORA-2022-2e1d1205cf", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/", "name" : "FEDORA-2022-17a1bb7e78", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/", "name" : "FEDORA-2022-17a1bb7e78", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/", "name" : "FEDORA-2022-9dd70781cb", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/", "name" : "FEDORA-2022-9dd70781cb", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "name" : "FEDORA-2022-79843dfb3c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "name" : "FEDORA-2022-79843dfb3c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/", "name" : "FEDORA-2022-5ea8aa7518", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/", "name" : "FEDORA-2022-5ea8aa7518", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/", "name" : "FEDORA-2022-0be85556b4", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/", "name" : "FEDORA-2022-0be85556b4", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/", "name" : "FEDORA-2022-1358cedf2d", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/", "name" : "FEDORA-2022-1358cedf2d", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/", "name" : "FEDORA-2022-ce55d01569", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/", "name" : "FEDORA-2022-ce55d01569", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/", "name" : "FEDORA-2022-4a69d20cf4", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/", "name" : "FEDORA-2022-4a69d20cf4", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/", "name" : "FEDORA-2022-9da5703d22", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/", "name" : "FEDORA-2022-9da5703d22", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "name" : "FEDORA-2022-d1682fef04", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "name" : "FEDORA-2022-d1682fef04", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/", "name" : "FEDORA-2022-4c788bdc40", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/", "name" : "FEDORA-2022-4c788bdc40", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/", "name" : "FEDORA-2022-a8e50dc83e", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/", "name" : "FEDORA-2022-a8e50dc83e", "refsource" : "", "tags" : [ ] }, { "url" : "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "name" : "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "name" : "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202305-02", "name" : "GLSA-202305-02", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202305-02", "name" : "GLSA-202305-02", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20220616-0001/", "name" : "https://security.netapp.com/advisory/ntap-20220616-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20220616-0001/", "name" : "https://security.netapp.com/advisory/ntap-20220616-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.8.0", "versionEndIncluding" : "3.8.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.9.0", "versionEndIncluding" : "3.9.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.0", "versionEndExcluding" : "3.10.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.7.0", "versionEndIncluding" : "3.7.15", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "HIGH", "availabilityImpact" : "LOW", "baseScore" : 7.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:C/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "COMPLETE", "availabilityImpact" : "PARTIAL", "baseScore" : 8.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 8.5, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-04-13T16:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20108", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml", "name" : "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml", "name" : "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448", "name" : "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448", "name" : "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0", "name" : "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0", "name" : "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/pull/225", "name" : "https://github.com/SAML-Toolkits/ruby-saml/pull/225", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/SAML-Toolkits/ruby-saml/pull/225", "name" : "https://github.com/SAML-Toolkits/ruby-saml/pull/225", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20230703-0003/", "name" : "https://security.netapp.com/advisory/ntap-20230703-0003/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20230703-0003/", "name" : "https://security.netapp.com/advisory/ntap-20230703-0003/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-27T19:15Z", "lastModifiedDate" : "2025-01-14T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20109", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.netapp.com/advisory/ntap-20230731-0009/", "name" : "https://security.netapp.com/advisory/ntap-20230731-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20230731-0009/", "name" : "https://security.netapp.com/advisory/ntap-20230731-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18036", "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18036", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18036", "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18036", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2023-06-25T17:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20110", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-307" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "name" : "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "name" : "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "name" : "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "name" : "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "name" : "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "name" : "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/issues/2095", "name" : "https://github.com/jhipster/generator-jhipster/issues/2095", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/jhipster/generator-jhipster/issues/2095", "name" : "https://github.com/jhipster/generator-jhipster/issues/2095", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jhipster:jhipster:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.23.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-10-31T03:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20111", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/", "name" : "https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/", "refsource" : "", "tags" : [ ] }, { "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6", "name" : "https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/miniupnp/miniupnp/pull/157", "name" : "https://github.com/miniupnp/miniupnp/pull/157", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-18T04:15Z", "lastModifiedDate" : "2024-11-18T17:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-20112", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-325" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version", "name" : "https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ethereum/devp2p/issues/32", "name" : "https://github.com/ethereum/devp2p/issues/32", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ethereum/go-ethereum/issues/1315", "name" : "https://github.com/ethereum/go-ethereum/issues/1315", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/hyperledger/besu/issues/7926", "name" : "https://github.com/hyperledger/besu/issues/7926", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901", "name" : "https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-06-29T21:15Z", "lastModifiedDate" : "2025-06-29T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2020", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://alephsecurity.com/vulns/aleph-2015006", "name" : "https://alephsecurity.com/vulns/aleph-2015006", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://alephsecurity.com/vulns/aleph-2015006", "name" : "https://alephsecurity.com/vulns/aleph-2015006", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "name" : "https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myscript:myscript:*:*:*:*:*:android:*:*", "versionEndExcluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2060", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.cabextract.org.uk/", "name" : "http://www.cabextract.org.uk/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.cabextract.org.uk/", "name" : "http://www.cabextract.org.uk/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064", "name" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064", "name" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/02/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/23/16", "name" : "http://www.openwall.com/lists/oss-security/2015/02/23/16", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/23/16", "name" : "http://www.openwall.com/lists/oss-security/2015/02/23/16", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/23/24", "name" : "http://www.openwall.com/lists/oss-security/2015/02/23/24", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/02/23/24", "name" : "http://www.openwall.com/lists/oss-security/2015/02/23/24", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-29T21:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2062", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", "name" : "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", "name" : "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23250", "name" : "https://www.htbridge.com/advisory/HTB23250", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23250", "name" : "https://www.htbridge.com/advisory/HTB23250", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:huge-it:huge-it_slider:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html", "name" : "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html", "name" : "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/92", "name" : "http://seclists.org/fulldisclosure/2015/Feb/92", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/92", "name" : "http://seclists.org/fulldisclosure/2015/Feb/92", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72774", "name" : "http://www.securityfocus.com/bid/72774", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72774", "name" : "http://www.securityfocus.com/bid/72774", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:businessobjects_edge:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-08-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2074", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html", "name" : "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html", "name" : "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/93", "name" : "http://seclists.org/fulldisclosure/2015/Feb/93", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Feb/93", "name" : "http://seclists.org/fulldisclosure/2015/Feb/93", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72776", "name" : "http://www.securityfocus.com/bid/72776", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72776", "name" : "http://www.securityfocus.com/bid/72776", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:businessobjects_edge:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-08-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/", "name" : "https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://code-white.com/public-vulnerability-list/", "name" : "https://code-white.com/public-vulnerability-list/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.980", "versionEndExcluding" : "1.660", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2025-04-28T15:15Z", "lastModifiedDate" : "2025-05-14T18:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2081", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T06:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2098", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-058/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-058/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-058/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-058/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-060/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-060/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-060/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-060/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-061/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-061/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-061/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-061/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-064/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-064/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-064/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-064/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-065/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-065/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-065/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-065/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-066/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-066/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-066/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-066/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webgateinc:edvr_manager:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-07-22T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2099", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-055/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-055/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-055/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-055/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-056/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-056/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-056/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-056/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-063/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-063/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-063/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-063/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webgateinc:control_center:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-07-22T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2100", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-057/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-057/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-057/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-057/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-067/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-067/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-067/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-067/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webgate:edvr_manager:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webgate:control_center:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-07-22T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2104", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-19T14:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2119", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2127", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2128", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2129", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2130", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2131", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2133", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2138", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2168", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-03-03T11:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2178", "ASSIGNER" : "productcert@siemens.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2179", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapid.dhs.org/advisory.php?v=115", "name" : "http://www.vapid.dhs.org/advisory.php?v=115", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisory.php?v=115", "name" : "http://www.vapid.dhs.org/advisory.php?v=115", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xaviershay-dm-rails_porject:xaviershay-dm-rails:0.10.3.8:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2023-12-12T17:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2186", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/edx/configuration/pull/1885/files", "name" : "https://github.com/edx/configuration/pull/1885/files", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/edx/configuration/pull/1885/files", "name" : "https://github.com/edx/configuration/pull/1885/files", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://open.edx.org/CVE-2015-2186", "name" : "https://open.edx.org/CVE-2015-2186", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://open.edx.org/CVE-2015-2186", "name" : "https://open.edx.org/CVE-2015-2186", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal \"False\" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edx:configuration:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-03T15:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2201", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.7.14.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-09-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2202", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.7.14.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2023-09-05T18:15Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2203", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "name" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "name" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063", "name" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063", "name" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/3", "name" : "[oss-security] 20150303 Re: CVE request - Evergreen", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/3", "name" : "[oss-security] 20150303 Re: CVE request - Evergreen", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72885", "name" : "72885", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72885", "name" : "72885", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.launchpad.net/evergreen/+bug/1206589", "name" : "https://bugs.launchpad.net/evergreen/+bug/1206589", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugs.launchpad.net/evergreen/+bug/1206589", "name" : "https://bugs.launchpad.net/evergreen/+bug/1206589", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:2.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:2.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:2.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2204", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "name" : "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "name" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Release Notes" ] }, { "url" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "name" : "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Release Notes" ] }, { "url" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307", "name" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307", "refsource" : "", "tags" : [ ] }, { "url" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307", "name" : "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/3", "name" : "[oss-security] 20150303 Re: CVE request - Evergreen", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/3", "name" : "[oss-security] 20150303 Re: CVE request - Evergreen", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72889", "name" : "72889", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72889", "name" : "72889", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugs.launchpad.net/evergreen/+bug/1424755", "name" : "https://bugs.launchpad.net/evergreen/+bug/1424755", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugs.launchpad.net/evergreen/+bug/1424755", "name" : "https://bugs.launchpad.net/evergreen/+bug/1424755", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.7.0", "versionEndExcluding" : "2.7.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.6.0", "versionEndExcluding" : "2.6.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.5.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T17:29Z", "lastModifiedDate" : "2024-11-21T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2207", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netcracker:resource_management_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-08T18:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2212", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5623. Reason: This candidate is a reservation duplicate of CVE-2015-5623. Notes: All CVE users should reference CVE-2015-5623 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-03T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2230", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=97625", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=97625", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=97625", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=97625", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndExcluding" : "8.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-30T20:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2235", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-03-07T02:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2236", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2249", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zimbra Collaboration before 8.6.0 patch5 has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:8.6.0:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:8.6.0:patch2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:8.6.0:patch3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:8.6.0:patch4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "8.5.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_server:8.6.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-27T19:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2254", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.huawei.com/en/psirt/security-advisories/hw-417839", "name" : "https://www.huawei.com/en/psirt/security-advisories/hw-417839", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.huawei.com/en/psirt/security-advisories/hw-417839", "name" : "https://www.huawei.com/en/psirt/security-advisories/hw-417839", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_uds_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "100r002c01spc102", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_uds:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-13T16:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2287", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A typo caused the wrong ID to be used. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-02-11T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/03/15/3", "name" : "[oss-security] 20150314 Re: CVE Request for information leak in Etherpad exports", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/15/3", "name" : "[oss-security] 20150314 Re: CVE Request for information leak in Etherpad exports", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d", "name" : "https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d", "name" : "https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ether/etherpad-lite/releases/tag/1.5.2", "name" : "https://github.com/ether/etherpad-lite/releases/tag/1.5.2", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://github.com/ether/etherpad-lite/releases/tag/1.5.2", "name" : "https://github.com/ether/etherpad-lite/releases/tag/1.5.2", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:1.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:1.5.0:d:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2302", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candidate is a reservation duplicate of CVE-2014-6405. Notes: All CVE users should reference CVE-2014-6405 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-05T02:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2303", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6406. Reason: This candidate is a reservation duplicate of CVE-2014-6406. Notes: All CVE users should reference CVE-2014-6406 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-05T02:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2318", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/73253", "name" : "73253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/73253", "name" : "73253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4", "name" : "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4", "name" : "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://mitls.org/pages/attacks/SMACK#skip", "name" : "https://mitls.org/pages/attacks/SMACK#skip", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://mitls.org/pages/attacks/SMACK#skip", "name" : "https://mitls.org/pages/attacks/SMACK#skip", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mono-project:mono:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2319", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/73250", "name" : "73250", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/73250", "name" : "73250", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10", "name" : "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10", "name" : "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://mitls.org/pages/attacks/SMACK#freak", "name" : "https://mitls.org/pages/attacks/SMACK#freak", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://mitls.org/pages/attacks/SMACK#freak", "name" : "https://mitls.org/pages/attacks/SMACK#freak", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mono-project:mono:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.12.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2320", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "name" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9", "name" : "[oss-security] 20150317 Re: Mono TLS vulnerabilities", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/73256", "name" : "73256", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/73256", "name" : "73256", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2547-1", "name" : "USN-2547-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b", "name" : "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b", "name" : "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3202", "name" : "DSA-3202", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mono-project:mono:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-08T19:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2324", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/zeroday/FG-VD-15-009", "name" : "https://fortiguard.com/zeroday/FG-VD-15-009", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-009", "name" : "https://fortiguard.com/zeroday/FG-VD-15-009", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt", "name" : "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt", "name" : "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt", "refsource" : "", "tags" : [ "Product", "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-19T19:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2325", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" }, { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.exim.org/show_bug.cgi?id=1591", "name" : "https://bugs.exim.org/show_bug.cgi?id=1591", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://bugs.exim.org/show_bug.cgi?id=1591", "name" : "https://bugs.exim.org/show_bug.cgi?id=1591", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-015", "name" : "https://fortiguard.com/zeroday/FG-VD-15-015", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-015", "name" : "https://fortiguard.com/zeroday/FG-VD-15-015", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.pcre.org/original/changelog.txt", "name" : "https://www.pcre.org/original/changelog.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.pcre.org/original/changelog.txt", "name" : "https://www.pcre.org/original/changelog.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.37", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.0.18", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.5.0", "versionEndExcluding" : "5.5.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndExcluding" : "5.4.41", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndExcluding" : "5.6.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T17:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2326", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.exim.org/show_bug.cgi?id=1592", "name" : "https://bugs.exim.org/show_bug.cgi?id=1592", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://bugs.exim.org/show_bug.cgi?id=1592", "name" : "https://bugs.exim.org/show_bug.cgi?id=1592", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-016", "name" : "https://fortiguard.com/zeroday/FG-VD-15-016", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-016", "name" : "https://fortiguard.com/zeroday/FG-VD-15-016", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.pcre.org/original/changelog.txt", "name" : "https://www.pcre.org/original/changelog.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.pcre.org/original/changelog.txt", "name" : "https://www.pcre.org/original/changelog.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.37", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndExcluding" : "10.0.18", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.5.0", "versionEndExcluding" : "5.5.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndExcluding" : "5.4.41", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndExcluding" : "5.6.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-14T17:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2329", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/zeroday/FG-VD-15-020", "name" : "https://fortiguard.com/zeroday/FG-VD-15-020", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-020", "name" : "https://fortiguard.com/zeroday/FG-VD-15-020", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt", "name" : "https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt", "name" : "https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2343", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2345", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2386", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2392", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2393", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2394", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2395", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2396", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2399", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2400", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2405", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2407", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2409", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2436", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2437", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2438", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2439", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2457", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2488", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2495", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2496", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2497", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2533", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2537", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2538", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2539", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2540", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2547", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2551", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2569", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2670", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2671", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2688", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-755" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "name" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "name" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15083", "name" : "https://trac.torproject.org/projects/tor/ticket/15083", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15083", "name" : "https://trac.torproject.org/projects/tor/ticket/15083", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2.4.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.5.1", "versionEndExcluding" : "0.2.5.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2689", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "name" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "name" : "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/14129", "name" : "https://trac.torproject.org/projects/tor/ticket/14129", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/14129", "name" : "https://trac.torproject.org/projects/tor/ticket/14129", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2.4.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.5.1", "versionEndExcluding" : "0.2.5.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2723", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4000. Reason: This candidate is a duplicate of CVE-2015-4000. Notes: All CVE users should reference CVE-2015-4000 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-06-20T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2784", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", "name" : "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", "name" : "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", "name" : "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", "name" : "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:papercrop_project:papercrop:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "0.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-21T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2793", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/03/30/5", "name" : "http://openwall.com/lists/oss-security/2015/03/30/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/03/30/5", "name" : "http://openwall.com/lists/oss-security/2015/03/30/5", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/03/31/1", "name" : "http://openwall.com/lists/oss-security/2015/03/31/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/03/31/1", "name" : "http://openwall.com/lists/oss-security/2015/03/31/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", "name" : "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", "refsource" : "", "tags" : [ ] }, { "url" : "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", "name" : "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", "name" : "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", "name" : "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.20150329", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-21T20:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2796", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", "name" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", "name" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37", "name" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37", "name" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectpier:projectpier:0.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-02T21:29Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2802", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=143455780010289&w=2", "name" : "http://marc.info/?l=bugtraq&m=143455780010289&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=143455780010289&w=2", "name" : "http://marc.info/?l=bugtraq&m=143455780010289&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=143629738517220&w=2", "name" : "http://marc.info/?l=bugtraq&m=143629738517220&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=143629738517220&w=2", "name" : "http://marc.info/?l=bugtraq&m=143629738517220&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75258", "name" : "http://www.securityfocus.com/bid/75258", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75258", "name" : "http://www.securityfocus.com/bid/75258", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2015-2802", "name" : "https://packetstormsecurity.com/files/cve/CVE-2015-2802", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/cve/CVE-2015-2802", "name" : "https://packetstormsecurity.com/files/cve/CVE-2015-2802", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://securitytracker.com/id/1032599", "name" : "https://securitytracker.com/id/1032599", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://securitytracker.com/id/1032599", "name" : "https://securitytracker.com/id/1032599", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager_cloudsystem_chargeback:9.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:asset_manager:9.32:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:sitescope:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.20", "versionEndIncluding" : "11.24", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:sitescope:11.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-04T21:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2865", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-06-19T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2909", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/", "name" : "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/", "name" : "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/276148", "name" : "http://www.kb.cert.org/vuls/id/276148", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/276148", "name" : "http://www.kb.cert.org/vuls/id/276148", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:dv-ip_express_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:dv-ip_express:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd-advanced_-_sdhd_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd-advanced_-_sdhd:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd-advanced_8\\/12\\/16_vga_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd-advanced_8\\/12\\/16_vga:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_advanced_closed_iptv_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_advanced_closed_iptv_\\(m3u\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_advanced_non_closed_iptv_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_advanced_non_closed_iptv_\\(m3u\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_advanced_nvr_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_advanced_nvr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_32_\\(m3g\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_32_\\(m3g\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_32_\\(m3h\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_32_\\(m3h\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_4_\\(m3s\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_4_\\(m3s\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_4_\\(m3t\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_4_\\(m3t\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_8\\/12\\/16_no_kbd_\\(m3r\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_8\\/12\\/16_no_kbd_\\(m3r\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_8\\/12\\/16_no_kbd_\\(m3s\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_8\\/12\\/16_no_kbd_\\(m3s\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_8\\/16_front_panel_kbd_\\(m3r\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_8\\/16_front_panel_kbd_\\(m3r\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:sd_8\\/16_front_panel_kbd_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:sd_8\\/16_front_panel_kbd_\\(m3u\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ecosense_4\\/8\\/16_\\(m4t\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ecosense_4\\/8\\/16_\\(m4t\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ds2_\\(dvtr\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ds2_\\(dvtr\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ds2_\\(dvtu\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ds2_\\(dvtu\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ds2_\\(dvtx\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ds2_\\(dvtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ds2_\\(dvtx\\)_netvu_connected_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ds2_\\(dvtx\\)_netvu_connected:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netvu:ds2_\\(m2ip\\)_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:netvu:ds2_\\(m2ip\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-06T15:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2923", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/04/04/2", "name" : "http://openwall.com/lists/oss-security/2015/04/04/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/04/04/2", "name" : "http://openwall.com/lists/oss-security/2015/04/04/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html", "name" : "https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html", "name" : "https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc", "name" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc", "name" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T04:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2928", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/04/06/5", "name" : "[oss-security] 20150406 CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/04/06/5", "name" : "[oss-security] 20150406 CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15600", "name" : "https://trac.torproject.org/projects/tor/ticket/15600", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15600", "name" : "https://trac.torproject.org/projects/tor/ticket/15600", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.6.1", "versionEndExcluding" : "0.2.6.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.5.1", "versionEndExcluding" : "0.2.5.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2.4.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2929", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/04/06/5", "name" : "http://openwall.com/lists/oss-security/2015/04/06/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/04/06/5", "name" : "http://openwall.com/lists/oss-security/2015/04/06/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15601", "name" : "https://trac.torproject.org/projects/tor/ticket/15601", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://trac.torproject.org/projects/tor/ticket/15601", "name" : "https://trac.torproject.org/projects/tor/ticket/15601", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.6.1", "versionEndExcluding" : "0.2.6.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.2.5.1", "versionEndExcluding" : "0.2.5.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.2.4.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2968", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-924" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://official-blog.line.me/ja/archives/36495925.html", "name" : "http://official-blog.line.me/ja/archives/36495925.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://official-blog.line.me/ja/archives/36495925.html", "name" : "http://official-blog.line.me/ja/archives/36495925.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN22546110/", "name" : "https://jvn.jp/en/jp/JVN22546110/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN22546110/", "name" : "https://jvn.jp/en/jp/JVN22546110/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:line:line\\@:1.0.0:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:line:line\\@:1.0.0:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2023-10-31T10:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2981", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN29053368/index.html", "name" : "JVN#29053368", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvn.jp/en/jp/JVN29053368/index.html", "name" : "JVN#29053368", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000111.html", "name" : "JVNDB-2015-000111", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000111.html", "name" : "JVNDB-2015-000111", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76266", "name" : "76266", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76266", "name" : "76266", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yodobashi:yodobashi:*:*:*:*:*:android:*:*", "versionEndIncluding" : "1.2.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-2992", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN88408929/index.html", "name" : "http://jvn.jp/en/jp/JVN88408929/index.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvn.jp/en/jp/JVN88408929/index.html", "name" : "http://jvn.jp/en/jp/JVN88408929/index.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "name" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "name" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76624", "name" : "http://www.securityfocus.com/bid/76624", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76624", "name" : "http://www.securityfocus.com/bid/76624", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20200330-0001/", "name" : "https://security.netapp.com/advisory/ntap-20200330-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20200330-0001/", "name" : "https://security.netapp.com/advisory/ntap-20200330-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.3.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-27T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3006", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-331" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kb.juniper.net/JSA10678", "name" : "https://kb.juniper.net/JSA10678", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kb.juniper.net/JSA10678", "name" : "https://kb.juniper.net/JSA10678", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.2x50:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.2x50:d56.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.2x50:d42.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.2x50:d41.1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.2x50:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1x50:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.1x50:d25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x51:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x51:d21:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x51:d20.2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x51:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x52:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:13.2x52:d5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-28T23:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3045", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3094", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3140", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.synametrics.com/SynamanVersionHistory.htm", "name" : "http://web.synametrics.com/SynamanVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] }, { "url" : "http://web.synametrics.com/SynamanVersionHistory.htm", "name" : "http://web.synametrics.com/SynamanVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.synametrics.com/SyncrifyVersionHistory.htm", "name" : "https://web.synametrics.com/SyncrifyVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.synametrics.com/SyncrifyVersionHistory.htm", "name" : "https://web.synametrics.com/SyncrifyVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.synametrics.com/SyntailVersionHistory.htm", "name" : "https://web.synametrics.com/SyntailVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.synametrics.com/SyntailVersionHistory.htm", "name" : "https://web.synametrics.com/SyntailVersionHistory.htm", "refsource" : "", "tags" : [ "Mitigation", "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.4:build1444:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.4:build1434:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.3:build1430:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.3:build1425:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.3:build1418:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.2:build1398:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.2:build1394:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.2:build1393:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.1:build1386:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.1:build1384:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.1:build1382:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.1:build1380:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.0:build1365:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.0:build1363:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:3.0:build1358:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.7:build1342:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.7:build1341:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.7:build1337:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.6:build1328:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1325:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1324:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1322:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1321:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1318:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1316:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1314:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1313:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1310:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1304:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1303:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1302:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1291:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1289:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.5:build1282:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.4:build1272:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.3:build1261:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.3:build1259:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.2:build1246:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.2:build1205:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.1:build1202:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:2.0:build1185:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:1.1:build972:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:1.0:build805:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:synaman:1.0:build786:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.5:build473:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.1:build614:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build704:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.7:build834:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.7:build833:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build828:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build823:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build814:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build813:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build812:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build809:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.6:build800:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.5:build781:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.5:build778:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.4:build749:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.4:build741:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.4:build735:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.4:build725:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build700:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build696:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build693:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build688:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.3:build682:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.2:build649:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.2:build638:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.2:build633:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.2:build630:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.2:build629:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.0:build596:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.0:build591:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.0:build580:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.6:build522:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.6:build517:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.6:build510:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.4:build459:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.3:build444:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.3:build443:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.2:build432:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.2:build429:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.1:build422:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.1:build420:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.7:build850:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:3.7:build844:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.3:build375:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.4:build379:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.4:build393:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.0:build413:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.0:build415:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:2.4:build463:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.3:build352:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.3:build369:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syncrify:1.3:build372:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syntail:1.2:build445:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syntail:1.1:build429:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syntail:1.0:build420:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synametrics:syntail:1.5:build561:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-21T22:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3147", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1083.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1083.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2015-1083.html", "name" : "http://rhn.redhat.com/errata/RHSA-2015-1083.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "name" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "name" : "http://www.openwall.com/lists/oss-security/2015/04/17/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", "name" : "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", "name" : "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/pull/955", "name" : "https://github.com/abrt/abrt/pull/955", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/pull/955", "name" : "https://github.com/abrt/abrt/pull/955", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3150", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", "name" : "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", "name" : "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", "name" : "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", "name" : "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", "name" : "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", "name" : "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", "name" : "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", "name" : "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3151", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", "name" : "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", "name" : "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", "name" : "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", "name" : "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", "name" : "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", "name" : "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", "name" : "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", "name" : "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", "name" : "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", "name" : "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3154", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://framework.zend.com/security/advisory/ZF2015-04", "name" : "http://framework.zend.com/security/advisory/ZF2015-04", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://framework.zend.com/security/advisory/ZF2015-04", "name" : "http://framework.zend.com/security/advisory/ZF2015-04", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.4.0", "versionEndExcluding" : "2.4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.3.0", "versionEndExcluding" : "2.3.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-27T16:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3157", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-02T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3159", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", "name" : "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", "name" : "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", "name" : "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", "name" : "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3166", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ubuntu.com/usn/usn-2621-1", "name" : "http://ubuntu.com/usn/usn-2621-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2621-1", "name" : "http://ubuntu.com/usn/usn-2621-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3269", "name" : "http://www.debian.org/security/2015/dsa-3269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3269", "name" : "http://www.debian.org/security/2015/dsa-3269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3270", "name" : "http://www.debian.org/security/2015/dsa-3270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3270", "name" : "http://www.debian.org/security/2015/dsa-3270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1587/", "name" : "http://www.postgresql.org/about/news/1587/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1587/", "name" : "http://www.postgresql.org/about/news/1587/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "name" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "name" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "name" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "name" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4", "versionEndExcluding" : "9.4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3", "versionEndExcluding" : "9.3.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2", "versionEndExcluding" : "9.2.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1", "versionEndExcluding" : "9.1.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-20T21:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3167", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ubuntu.com/usn/usn-2621-1", "name" : "http://ubuntu.com/usn/usn-2621-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2621-1", "name" : "http://ubuntu.com/usn/usn-2621-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3269", "name" : "http://www.debian.org/security/2015/dsa-3269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3269", "name" : "http://www.debian.org/security/2015/dsa-3269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3270", "name" : "http://www.debian.org/security/2015/dsa-3270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3270", "name" : "http://www.debian.org/security/2015/dsa-3270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1587/", "name" : "http://www.postgresql.org/about/news/1587/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/about/news/1587/", "name" : "http://www.postgresql.org/about/news/1587/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "name" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "name" : "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "name" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "name" : "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "name" : "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.4", "versionEndExcluding" : "9.4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.3", "versionEndExcluding" : "9.3.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2", "versionEndExcluding" : "9.2.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1", "versionEndExcluding" : "9.1.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-20T21:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3168", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3164. Reason: This candidate is a reservation duplicate of CVE-2015-3164. Notes: All CVE users should reference CVE-2015-3164 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-19T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3172", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jkk/eidogo/issues/27", "name" : "https://github.com/jkk/eidogo/issues/27", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jkk/eidogo/issues/27", "name" : "https://github.com/jkk/eidogo/issues/27", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jkk/eidogo/pull/26", "name" : "https://github.com/jkk/eidogo/pull/26", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jkk/eidogo/pull/26", "name" : "https://github.com/jkk/eidogo/pull/26", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eidogo:eidogo:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2022-07-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3173", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution", "name" : "https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution", "name" : "https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/craftsmancoding/custom-content-type-manager/blob/master/readme.txt", "name" : "https://github.com/craftsmancoding/custom-content-type-manager/blob/master/readme.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/craftsmancoding/custom-content-type-manager/blob/master/readme.txt", "name" : "https://github.com/craftsmancoding/custom-content-type-manager/blob/master/readme.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/6b3d0736-7f08-4403-95eb-4385cb206f9e", "name" : "https://wpscan.com/vulnerability/6b3d0736-7f08-4403-95eb-4385cb206f9e", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/6b3d0736-7f08-4403-95eb-4385cb206f9e", "name" : "https://wpscan.com/vulnerability/6b3d0736-7f08-4403-95eb-4385cb206f9e", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:custom_content_type_manager_project:custom_content_type_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.9.8.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-06T20:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3199", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a product. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-10T19:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3207", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-311" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/openshift/origin/pull/2261", "name" : "https://github.com/openshift/origin/pull/2261", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/openshift/origin/pull/2261", "name" : "https://github.com/openshift/origin/pull/2261", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/openshift/origin/pull/2291", "name" : "https://github.com/openshift/origin/pull/2291", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/openshift/origin/pull/2291", "name" : "https://github.com/openshift/origin/pull/2291", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openshift:origin:3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-07T13:15Z", "lastModifiedDate" : "2024-11-21T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3208", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-25T18:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3242", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-06-26T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3260", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3261", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3262", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3263", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3264", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3265", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3266", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3287", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6587. Reason: This candidate is a duplicate of CVE-2015-6587. Notes: All CVE users should reference CVE-2015-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-12T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-347" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html", "name" : "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Vendor Advisory" ] }, { "url" : "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html", "name" : "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yubico:ykneo-openpgp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-03-30T00:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3309", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cve.killedkenny.io/cve/CVE-2015-3309", "name" : "http://cve.killedkenny.io/cve/CVE-2015-3309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://cve.killedkenny.io/cve/CVE-2015-3309", "name" : "http://cve.killedkenny.io/cve/CVE-2015-3309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/16/8", "name" : "http://www.openwall.com/lists/oss-security/2015/04/16/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/16/8", "name" : "http://www.openwall.com/lists/oss-security/2015/04/16/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b", "name" : "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b", "name" : "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.1.2", "versionEndIncluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-13T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3377", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3406", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-681" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ubuntu.com/usn/usn-2607-1", "name" : "http://ubuntu.com/usn/usn-2607-1", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://ubuntu.com/usn/usn-2607-1", "name" : "http://ubuntu.com/usn/usn-2607-1", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/07/1", "name" : "http://www.openwall.com/lists/oss-security/2015/04/07/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/07/1", "name" : "http://www.openwall.com/lists/oss-security/2015/04/07/1", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/23/17", "name" : "http://www.openwall.com/lists/oss-security/2015/04/23/17", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/04/23/17", "name" : "http://www.openwall.com/lists/oss-security/2015/04/23/17", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f", "name" : "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f", "name" : "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://metacpan.org/changes/distribution/Module-Signature", "name" : "https://metacpan.org/changes/distribution/Module-Signature", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://metacpan.org/changes/distribution/Module-Signature", "name" : "https://metacpan.org/changes/distribution/Module-Signature", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:module-signature_project:module-signature:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.74", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-29T21:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3423", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netcracker:resource_management_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T18:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3424", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134176/Accentis-Content-Resource-Management-System-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/134176/Accentis-Content-Resource-Management-System-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134176/Accentis-Content-Resource-Management-System-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/134176/Accentis-Content-Resource-Management-System-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:accentis:content_resource_management_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10-2015", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-09T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3425", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134177/Accentis-Content-Resource-Management-System-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/134177/Accentis-Content-Resource-Management-System-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134177/Accentis-Content-Resource-Management-System-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/134177/Accentis-Content-Resource-Management-System-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:accentis:content_resource_management_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10-2015", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-09T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3569", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3569. Reason: This candidate is a duplicate of CVE-2014-3569. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-26T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3571", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candidate is a duplicate of CVE-2014-3571. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-26T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3572", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3572. Reason: This candidate is a duplicate of CVE-2014-3572. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3572 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-26T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3591", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3591. Reason: This candidate is a duplicate of CVE-2014-3591. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3591 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-25T11:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3611", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-04T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3612", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-04T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3613", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74444", "name" : "http://www.securityfocus.com/bid/74444", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1032188", "name" : "http://www.securitytracker.com/id/1032188", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-15-011", "name" : "https://fortiguard.com/psirt/FG-IR-15-011", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-04T20:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3618", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://assets.nagios.com/downloads/exchange/nagiosbpi/CHANGELOG.txt", "name" : "https://assets.nagios.com/downloads/exchange/nagiosbpi/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://assets.nagios.com/downloads/exchange/nagiosbpi/CHANGELOG.txt", "name" : "https://assets.nagios.com/downloads/exchange/nagiosbpi/CHANGELOG.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-011", "name" : "https://fortiguard.com/zeroday/FG-VD-15-011", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-011", "name" : "https://fortiguard.com/zeroday/FG-VD-15-011", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nagios:business_process_intelligence:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3619", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93&rev=8828&rev_to=8670", "name" : "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93&rev=8828&rev_to=8670", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93&rev=8828&rev_to=8670", "name" : "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93&rev=8828&rev_to=8670", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-027", "name" : "https://fortiguard.com/zeroday/FG-VD-15-027", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-027", "name" : "https://fortiguard.com/zeroday/FG-VD-15-027", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs", "name" : "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs", "name" : "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"double encode combination of first_name, last_name and company.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "3.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3641", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-12T21:15Z", "lastModifiedDate" : "2024-11-21T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3670", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3825", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3837. Reason: This candidate is a reservation duplicate of CVE-2015-3837. Notes: All CVE users should reference CVE-2015-3837 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-18T23:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3888", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sotiriu.de/adv/NSOADV-2015-001.txt", "name" : "http://sotiriu.de/adv/NSOADV-2015-001.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://sotiriu.de/adv/NSOADV-2015-001.txt", "name" : "http://sotiriu.de/adv/NSOADV-2015-001.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:jolla:sailfish_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.2.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T17:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3898", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html", "name" : "http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html", "name" : "http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/535733/100/0/threaded", "name" : "20150610 Arbitrary File Disclosure and Open Redirect in Bonita BPM", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/535733/100/0/threaded", "name" : "20150610 Arbitrary File Disclosure and Open Redirect in Bonita BPM", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23259", "name" : "https://www.htbridge.com/advisory/HTB23259", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23259", "name" : "https://www.htbridge.com/advisory/HTB23259", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-28T21:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3907", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907", "name" : "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907", "name" : "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeigniter-restserver_project:codeigniter-restserver:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-03T21:15Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3919", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3941", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3944", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3945", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3952", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T16:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3953", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T17:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3954", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T17:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3956", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-345" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:plum_a\\+3_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "13.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:plum_a\\+3_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pifzer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pifzer:symbiq_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-25T18:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3965", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger \"unanticipated operations\" by leveraging \"elevated privileges\" for an unspecified call to an incorrectly exposed function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:pfizer:symbiq_infusion_system_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:pfizer:symbiq_infusion_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-23T20:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-3975", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4039", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74766", "name" : "http://www.securityfocus.com/bid/74766", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/74766", "name" : "http://www.securityfocus.com/bid/74766", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37074/", "name" : "https://www.exploit-db.com/exploits/37074/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37074/", "name" : "https://www.exploit-db.com/exploits/37074/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:e-plugins:wp_membership:1.2.3:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-06T19:15Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4041", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/05/15/1", "name" : "http://openwall.com/lists/oss-security/2015/05/15/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/05/15/1", "name" : "http://openwall.com/lists/oss-security/2015/05/15/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=928749", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=928749", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=928749", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=928749", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "name" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "name" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:x64:*", "versionEndIncluding" : "8.23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4042", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openwall.com/lists/oss-security/2015/05/15/1", "name" : "http://openwall.com/lists/oss-security/2015/05/15/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://openwall.com/lists/oss-security/2015/05/15/1", "name" : "http://openwall.com/lists/oss-security/2015/05/15/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "name" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "name" : "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:*:*", "versionEndIncluding" : "8.23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-24T17:15Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4043", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf", "name" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf", "name" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:connx:esp_hr_management:4.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-19T19:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4058", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4101", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4102", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4107", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-14T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4117", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://vestacp.com/roadmap/#history", "name" : "http://vestacp.com/roadmap/#history", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://vestacp.com/roadmap/#history", "name" : "http://vestacp.com/roadmap/#history", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37369/", "name" : "37369", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37369/", "name" : "37369", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23261", "name" : "https://www.htbridge.com/advisory/HTB23261", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23261", "name" : "https://www.htbridge.com/advisory/HTB23261", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vestacp:control_panel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.9.8-14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-28T22:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4169", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4179", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/06/03/3", "name" : "[oss-security] 20150604 CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/03/3", "name" : "[oss-security] 20150604 CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/11", "name" : "[oss-security] 20150604 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/11", "name" : "[oss-security] 20150604 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/13/3", "name" : "[oss-security] 20150613 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/13/3", "name" : "[oss-security] 20150613 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codestyling_localization_project:codestyling_localization:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.99.30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4245", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-21T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4246", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-21T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4247", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-21T14:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4248", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4249", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-13T10:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4250", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4251", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4261", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4300", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4332", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", "name" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", "name" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-021", "name" : "https://fortiguard.com/zeroday/FG-VD-15-021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fortiguard.com/zeroday/FG-VD-15-021", "name" : "https://fortiguard.com/zeroday/FG-VD-15-021", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", "name" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", "name" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ring:ring_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ring:ring:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-06T16:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4410", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "http://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "http://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229757", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229757", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229757", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229757", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "name" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "name" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "name" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "name" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2015/q2/653", "name" : "https://seclists.org/oss-sec/2015/q2/653", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2015/q2/653", "name" : "https://seclists.org/oss-sec/2015/q2/653", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/75045", "name" : "https://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/75045", "name" : "https://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moped_project:moped:-:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T17:15Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4411", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "http://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "http://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229706", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229706", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229706", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229706", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "name" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "name" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191", "name" : "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191", "name" : "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "name" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "name" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "name" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "name" : "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "name" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "name" : "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2015/q2/653", "name" : "https://seclists.org/oss-sec/2015/q2/653", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2015/q2/653", "name" : "https://seclists.org/oss-sec/2015/q2/653", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-4411", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-4411", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-4411", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-4411", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/75045", "name" : "https://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/75045", "name" : "https://www.securityfocus.com/bid/75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mongodb:bson:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "3.0.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-20T17:15Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "[oss-security] 20150606 Re: CVE Request: bson-ruby DoS and possible injection", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/3", "name" : "[oss-security] 20150606 Re: CVE Request: bson-ruby DoS and possible injection", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75045", "name" : "75045", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229750", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229750", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229750", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1229750", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "name" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "name" : "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "name" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "name" : "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "name" : "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bson_project:bson:3.0.3:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4434", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4436", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4437", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4439", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4440", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4442", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4457", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-26T15:15Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4461", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841", "name" : "http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841", "name" : "http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html", "name" : "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html", "name" : "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.6.15.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4553", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Jun/47", "name" : "http://seclists.org/fulldisclosure/2015/Jun/47", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/47", "name" : "http://seclists.org/fulldisclosure/2015/Jun/47", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75285", "name" : "http://www.securityfocus.com/bid/75285", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75285", "name" : "http://www.securityfocus.com/bid/75285", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37423/", "name" : "https://www.exploit-db.com/exploits/37423/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37423/", "name" : "https://www.exploit-db.com/exploits/37423/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dedecms:dedecms:5.7:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4557", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/71", "name" : "20151231 CVE-2015-4557 - Wordpress \"Nextend Twitter Connect\" & \"Nextend Google Connect\" Cross Site Scripting", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jun/71", "name" : "20151231 CVE-2015-4557 - Wordpress \"Nextend Twitter Connect\" & \"Nextend Google Connect\" Cross Site Scripting", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/75395", "name" : "75395", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75395", "name" : "75395", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect", "name" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect", "name" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nextendweb:nextend_twitter_connect:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-12T15:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4582", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://themes.trac.wordpress.org/browser/boot-store/1.6.4/header.php#L348", "name" : "https://themes.trac.wordpress.org/browser/boot-store/1.6.4/header.php#L348", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thecartpress:boot_store:1.6.4:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2025-04-28T16:15Z", "lastModifiedDate" : "2025-04-30T19:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4615", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapid.dhs.org/advisory.php?v=130", "name" : "http://www.vapid.dhs.org/advisory.php?v=130", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapid.dhs.org/advisory.php?v=130", "name" : "http://www.vapid.dhs.org/advisory.php?v=130", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy2map-photos", "name" : "https://wordpress.org/plugins/easy2map-photos", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy2map-photos", "name" : "https://wordpress.org/plugins/easy2map-photos", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy2map:easy2map-photos:1.09:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-15T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4617", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapidlabs.com/advisory.php?v=130", "name" : "http://www.vapidlabs.com/advisory.php?v=130", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=130", "name" : "http://www.vapidlabs.com/advisory.php?v=130", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy2map-photos", "name" : "https://wordpress.org/plugins/easy2map-photos", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy2map-photos", "name" : "https://wordpress.org/plugins/easy2map-photos", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy2map:easy2map-photos:1.09:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-15T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4630", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37389/", "name" : "37389", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37389/", "name" : "37389", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.16.00", "versionEndExcluding" : "3.16.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.20.00", "versionEndExcluding" : "3.20.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.18.0", "versionEndExcluding" : "3.18.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-10-18T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4631", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Product", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37389/", "name" : "37389", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37389/", "name" : "37389", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.16.00", "versionEndExcluding" : "3.16.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.20.00", "versionEndExcluding" : "3.20.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.18.0", "versionEndExcluding" : "3.18.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-10-18T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4632", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37388/", "name" : "37388", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37388/", "name" : "37388", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.16.00", "versionEndExcluding" : "3.16.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.18.00", "versionEndExcluding" : "3.18.08", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.20.00", "versionEndExcluding" : "3.20.01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-18T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4633", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/koha-3-14-16-released/", "name" : "https://koha-community.org/koha-3-14-16-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-16-12/", "name" : "https://koha-community.org/security-release-koha-3-16-12/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-18-8/", "name" : "https://koha-community.org/security-release-koha-3-18-8/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://koha-community.org/security-release-koha-3-20-1/", "name" : "https://koha-community.org/security-release-koha-3-20-1/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jun/80", "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37387/", "name" : "37387", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37387/", "name" : "37387", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.14.00", "versionEndExcluding" : "3.14.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.16.00", "versionEndExcluding" : "3.16.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.18.00", "versionEndExcluding" : "3.18.08", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.20.00", "versionEndExcluding" : "3.20.01", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-18T21:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4664", "ASSIGNER" : "vuln@ca.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", "name" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", "name" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", "name" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", "name" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37708/", "name" : "37708", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37708/", "name" : "37708", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:privileged_access_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.4.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xceedium:xsuite:2.4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-18T18:29Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4709", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-27T15:15Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4715", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-552" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/76158", "name" : "http://www.securityfocus.com/bid/76158", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76158", "name" : "http://www.securityfocus.com/bid/76158", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "name" : "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "name" : "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "name" : "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "name" : "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-005", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owncloud:owncloud_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndExcluding" : "8.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T19:15Z", "lastModifiedDate" : "2025-03-31T11:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4719", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.pexip.com/admin/security_bulletins.htm", "name" : "https://docs.pexip.com/admin/security_bulletins.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.pexip.com/admin/security_bulletins.htm", "name" : "https://docs.pexip.com/admin/security_bulletins.htm", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-09-24T02:15Z", "lastModifiedDate" : "2024-11-21T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4720", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4814", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4829", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0638. Reason: This candidate is a reservation duplicate of CVE-2016-0638. Notes: All CVE users should reference CVE-2016-0638 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-22T17:59Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4853", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4855", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4889", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4897", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4918", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4952", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962602", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962602", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962602", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962602", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4953", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81388", "name" : "IV81388", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81388", "name" : "IV81388", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105197", "name" : "ibm-tivoli-cve20154953-weak-sec(105197)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105197", "name" : "ibm-tivoli-cve20154953-weak-sec(105197)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21972041", "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21972041", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21972041", "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21972041", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_remote_control:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-29T18:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4954", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972042", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972042", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972042", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972042", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105200", "name" : "ibm-tivoli-cve20154954-weak-sec(105200)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105200", "name" : "ibm-tivoli-cve20154954-weak-sec(105200)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_remote_control:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T17:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4968", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-4987", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981017", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981017", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981017", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981017", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105896", "name" : "ibm-tealeaf-cve20154987-sec-bypass(105896)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/105896", "name" : "ibm-tealeaf-cve20154987-sec-bypass(105896)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0", "versionEndIncluding" : "9.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T17:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5016", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460", "name" : "ibm-maximo-cve20155016-info-disc(106460)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460", "name" : "ibm-maximo-cve20155016-info-disc(106460)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T17:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5039", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715", "name" : "ibm-clearcase-cve20155039-mitm(106715)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715", "name" : "ibm-clearcase-cve20155039-mitm(106715)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartExcluding" : "8.0", "versionEndIncluding" : "8.0.0.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1", "versionEndIncluding" : "7.1.2.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_clearcase:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.1", "versionEndIncluding" : "8.0.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5045", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106938", "name" : "ibm-rcl-cve20155045-info-disc(106938)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106938", "name" : "ibm-rcl-cve20155045-info-disc(106938)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_license_key_server:8.1.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://communities.bmc.com/docs/DOC-77816", "name" : "https://communities.bmc.com/docs/DOC-77816", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://communities.bmc.com/docs/DOC-77816", "name" : "https://communities.bmc.com/docs/DOC-77816", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "name" : "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "name" : "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_ar_system_server:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_ar_system_server:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://communities.bmc.com/docs/DOC-77816", "name" : "https://communities.bmc.com/docs/DOC-77816", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://communities.bmc.com/docs/DOC-77816", "name" : "https://communities.bmc.com/docs/DOC-77816", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "name" : "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "name" : "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_ar_system_server:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_ar_system_server:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T18:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", "name" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", "name" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/535900/100/0/threaded", "name" : "20150701 Path Traversal in BlackCat CMS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/535900/100/0/threaded", "name" : "20150701 Path Traversal in BlackCat CMS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23263", "name" : "https://www.htbridge.com/advisory/HTB23263", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23263", "name" : "https://www.htbridge.com/advisory/HTB23263", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blackcat-cms:blackcat_cms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-28T22:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5112", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5126", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5128", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-10-08T10:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5155", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3609. Reason: This candidate is a reservation duplicate of CVE-2010-3609. Notes: All CVE users should reference CVE-2010-3609 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-11-26T22:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5159", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", "name" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", "name" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kdcproxy_project:kdcproxy:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-30T18:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5160", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2016-2577.html", "name" : "RHSA-2016:2577", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2016-2577.html", "name" : "RHSA-2016:2577", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/07/21/3", "name" : "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/07/21/3", "name" : "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ossn/+bug/1686743", "name" : "https://bugs.launchpad.net/ossn/+bug/1686743", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ossn/+bug/1686743", "name" : "https://bugs.launchpad.net/ossn/+bug/1686743", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5192", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5195. Reason: This candidate is a reservation duplicate of CVE-2015-5195. Notes: All CVE users should reference CVE-2015-5195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-20T23:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5193", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-08-20T23:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5196", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-10-23T16:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5197", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-15T19:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5201", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2015-5201", "name" : "https://access.redhat.com/security/cve/cve-2015-5201", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2015-5201", "name" : "https://access.redhat.com/security/cve/cve-2015-5201", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253882", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273144", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://rhn.redhat.com/errata/RHEA-2015-2527.html", "name" : "https://rhn.redhat.com/errata/RHEA-2015-2527.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://rhn.redhat.com/errata/RHEA-2015-2527.html", "name" : "https://rhn.redhat.com/errata/RHEA-2015-2527.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6-6.0", "versionEndExcluding" : "6-6.7-20151117.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7-7.0", "versionEndExcluding" : "7-7.2-20151119.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:enterprise_virtualization:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-25T21:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5202", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5233. Reason: This candidate is a reservation duplicate of CVE-2015-5233. Notes: All CVE users should reference CVE-2015-5233 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-06-07T20:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5205", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-03-12T13:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5215", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/23/10", "name" : "http://www.openwall.com/lists/oss-security/2015/10/23/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/23/10", "name" : "http://www.openwall.com/lists/oss-security/2015/10/23/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255168", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255168", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255168", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255168", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", "name" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", "name" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "name" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "name" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ipsilon-project:ipsilon:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.1.0", "versionEndExcluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5216", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/27/8", "name" : "http://www.openwall.com/lists/oss-security/2015/10/27/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/27/8", "name" : "http://www.openwall.com/lists/oss-security/2015/10/27/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255170", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255170", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255170", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255170", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "name" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "name" : "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ipsilon-project:ipsilon:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.1.0", "versionEndExcluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-17T19:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5226", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-12T14:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5230", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3347", "name" : "http://www.debian.org/security/2015/dsa-3347", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3347", "name" : "http://www.debian.org/security/2015/dsa-3347", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1033475", "name" : "http://www.securitytracker.com/id/1033475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033475", "name" : "http://www.securitytracker.com/id/1033475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", "name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", "name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.4.0", "versionEndExcluding" : "3.4.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5236", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-345" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1256403", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1256403", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1256403", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1256403", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:icedtea-web_project:icedtea-web:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-07T16:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5238", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3796. Reason: This candidate is a reservation duplicate of CVE-2015-3796. Notes: All CVE users should reference CVE-2015-3796 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-07-21T18:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5239", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/02/7", "name" : "http://www.openwall.com/lists/oss-security/2015/09/02/7", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/02/7", "name" : "http://www.openwall.com/lists/oss-security/2015/09/02/7", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", "name" : "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", "name" : "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-23T20:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5243", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution", "name" : "https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution", "name" : "https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0", "name" : "https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0", "name" : "https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md", "name" : "https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md", "name" : "https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/jsmitty12/phpWhois/issues/19", "name" : "https://github.com/jsmitty12/phpWhois/issues/19", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jsmitty12/phpWhois/issues/19", "name" : "https://github.com/jsmitty12/phpWhois/issues/19", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution", "name" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution", "name" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3", "name" : "https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3", "name" : "https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpWhois allows remote attackers to execute arbitrary code via a crafted whois record." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpwhois_project:phpwhois:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5249", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-10T14:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5270", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-12T14:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5275", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5257. Reason: This candidate is a reservation duplicate of CVE-2015-5257. Notes: All CVE users should reference CVE-2015-5257 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-23T11:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5278", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/15/2", "name" : "http://www.openwall.com/lists/oss-security/2015/09/15/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/15/2", "name" : "http://www.openwall.com/lists/oss-security/2015/09/15/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-23T20:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5280", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-12-15T11:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5290", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/11/1", "name" : "http://www.openwall.com/lists/oss-security/2015/10/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/11/1", "name" : "http://www.openwall.com/lists/oss-security/2015/10/11/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/12/1", "name" : "http://www.openwall.com/lists/oss-security/2015/10/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/12/1", "name" : "http://www.openwall.com/lists/oss-security/2015/10/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1271113", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1271113", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1271113", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1271113", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/skyhighwings/CVE-2015-5290", "name" : "https://github.com/skyhighwings/CVE-2015-5290", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/skyhighwings/CVE-2015-5290", "name" : "https://github.com/skyhighwings/CVE-2015-5290", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ratbox:ircd-ratbox:3.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-26T21:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5294", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-23T17:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5297", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=92027", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=92027", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=92027", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=92027", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixman:pixman:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.32.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-31T23:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5298", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://exfiltrated.com/research-CVE-2015-5298.php", "name" : "http://exfiltrated.com/research-CVE-2015-5298.php", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://exfiltrated.com/research-CVE-2015-5298.php", "name" : "http://exfiltrated.com/research-CVE-2015-5298.php", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.jenkins.io/security/advisory/2015-10-12/", "name" : "https://www.jenkins.io/security/advisory/2015-10-12/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.jenkins.io/security/advisory/2015-10-12/", "name" : "https://www.jenkins.io/security/advisory/2015-10-12/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:google_login:1.1:*:*:*:*:jenkins:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:google_login:1.0:*:*:*:*:jenkins:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-07-07T19:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5314", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10", "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10", "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T16:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5315", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10", "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10", "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T16:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5316", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt", "name" : "http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] }, { "url" : "http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt", "name" : "http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/11", "name" : "[oss-security] 20151110 wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/11", "name" : "[oss-security] 20151110 wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message", "refsource" : "", "tags" : [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/77538", "name" : "77538", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/77538", "name" : "77538", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2808-1", "name" : "USN-2808-1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2015/dsa-3397", "name" : "DSA-3397", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T16:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5328", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5333", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "name" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "name" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "name" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "name" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-23T21:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5334", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "name" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "name" : "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "name" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "name" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "name" : "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Oct/75", "name" : "http://seclists.org/fulldisclosure/2015/Oct/75", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Oct/75", "name" : "http://seclists.org/fulldisclosure/2015/Oct/75", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-23T20:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5350", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://pivotal.io/security/cve-2015-5350", "name" : "https://pivotal.io/security/cve-2015-5350", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://pivotal.io/security/cve-2015-5350", "name" : "https://pivotal.io/security/cve-2015-5350", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudfoundry:garden:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.330.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-19T13:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5361", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kb.juniper.net/JSA10706", "name" : "https://kb.juniper.net/JSA10706", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kb.juniper.net/JSA10706", "name" : "https://kb.juniper.net/JSA10706", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d50:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:d45:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x46-d10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-28T23:15Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5377", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/75938", "name" : "75938", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/75938", "name" : "75938", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736", "name" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736", "name" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2", "name" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2", "name" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-06T20:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5384", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5384/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5384/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5384/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5384/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:axiomsl:axiom:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-03T21:29Z", "lastModifiedDate" : "2024-11-21T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5414", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5415", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5425", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5437", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5438", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5439", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5449", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5450", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5462", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5462/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5462/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5462/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5462/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:axiomsl:axiom:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-03T21:29Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5463", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:axiomsl:axiom:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-03T20:29Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5466", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Sep/2", "name" : "http://seclists.org/fulldisclosure/2015/Sep/2", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Sep/2", "name" : "http://seclists.org/fulldisclosure/2015/Sep/2", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sis:xgi_vga_display_manager:6.14.10.1090:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5467", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml", "name" : "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml", "name" : "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix", "name" : "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix", "name" : "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "web\\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-09-21T06:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5483", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133349/WordPress-Private-Only-3.5.1-CSRF-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/133349/WordPress-Private-Only-3.5.1-CSRF-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133349/WordPress-Private-Only-3.5.1-CSRF-Cross-Site-Scripting.html", "name" : "http://packetstormsecurity.com/files/133349/WordPress-Private-Only-3.5.1-CSRF-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/77", "name" : "http://seclists.org/fulldisclosure/2015/Aug/77", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/77", "name" : "http://seclists.org/fulldisclosure/2015/Aug/77", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/", "name" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/", "name" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:private_only_project:private_only:3.5.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-28T20:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5484", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Jul/68", "name" : "http://seclists.org/fulldisclosure/2015/Jul/68", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Jul/68", "name" : "http://seclists.org/fulldisclosure/2015/Jul/68", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", "name" : "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", "name" : "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-plotly/changelog/", "name" : "https://wordpress.org/plugins/wp-plotly/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-plotly/changelog/", "name" : "https://wordpress.org/plugins/wp-plotly/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plot:plotly:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5524", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.samsungmobile.com/securityUpdate.smsb", "name" : "https://security.samsungmobile.com/securityUpdate.smsb", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.samsungmobile.com/securityUpdate.smsb", "name" : "https://security.samsungmobile.com/securityUpdate.smsb", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-04-10T19:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5542", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5543", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5585", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5591", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zenphoto:zenphoto:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-31T21:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5592", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "name" : "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "https://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zenphoto:zenphoto:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-31T21:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5593", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in \"<script>payload\", or in an image tag, with the payload as the onerror event." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zenphoto:zenphoto:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-31T21:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5595", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "name" : "http://www.openwall.com/lists/oss-security/2015/07/18/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "name" : "http://www.zenphoto.org/news/zenphoto-1.4.9", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "name" : "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zenphoto:zenphoto:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-31T21:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5596", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5597", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5598", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5601", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://open.edx.org/announcements/CVE-2015-5601", "name" : "https://open.edx.org/announcements/CVE-2015-5601", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://open.edx.org/announcements/CVE-2015-5601", "name" : "https://open.edx.org/announcements/CVE-2015-5601", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-07-20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-29T16:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5606", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/", "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:axway:vordel_xml_gateway:7.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-03T19:29Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5614", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5615", "ASSIGNER" : "larry0@me.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5617", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/55", "name" : "http://seclists.org/fulldisclosure/2015/Aug/55", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/55", "name" : "http://seclists.org/fulldisclosure/2015/Aug/55", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:enorth:webpublisher_cms:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T15:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5626", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.08.70", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.02.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.96.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.50.30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.85.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.72.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.40.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.01.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*", "versionEndIncluding" : "r10.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.30.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.12.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.05.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.03.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*", "versionEndIncluding" : "r3.40", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-05T19:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5627", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.08.70", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.02.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.96.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.50.30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.85.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.72.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.40.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.01.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*", "versionEndIncluding" : "r10.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.30.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.12.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.05.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.03.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*", "versionEndIncluding" : "r3.40", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-05T19:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5628", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.08.70", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.09.50", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.04.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.02.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.96.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.50.30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.85.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.72.00", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r4.03.20", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.40.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.01.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*", "versionEndIncluding" : "r10.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.30.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r3.12.00", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r5.05.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r7.03.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*", "versionEndIncluding" : "r3.40", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-05T19:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5656", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5657", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5658", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5674", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/76244", "name" : "76244", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1033185", "name" : "1033185", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc", "name" : "FreeBSD-SA-15:19", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/76244", "name" : "76244", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc", "name" : "FreeBSD-SA-15:19", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1033185", "name" : "1033185", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-05T16:29Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5684", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/lse_bios_notebook", "name" : "https://support.lenovo.com/us/en/product_security/lse_bios_notebook", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/lse_bios_notebook", "name" : "https://support.lenovo.com/us/en/product_security/lse_bios_notebook", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:b50-10_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "cccn13ww\\(v1.02\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:b50-10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:flex_2_pro-15_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "a9cn46ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:flex_2_pro-15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:edge_15_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "a9cn46ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:edge_15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:edge_15_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b9cn17ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:edge_15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:flex_2_pro-15_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b9cn17ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:flex_2_pro-15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:flex_3-1470_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bdcn30ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:flex_3-1470:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:flex_3-1570_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bdcn30ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:flex_3-1570:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:flex_3-1120_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "c0cn25ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:flex_3-1120:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g40-80_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b0cn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g40-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g50-80_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b0cn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g50-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g50-80_touch_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b0cn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g50-80_touch:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g50-80_touch_v3000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b0cn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g50-80_touch_v3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g40-80m_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "cbcn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g40-80m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g50-80m_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "cbcn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g50-80m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:ideapad_100-14iby_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "v1.02_\\(cccn13ww\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:ideapad_100-14iby:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:ideapad_100-15iby_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "v1.02_\\(cccn13ww\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:ideapad_100-15iby:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:s21e_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "c4cn14ww\\(v1.04\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:s21e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:s41-70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bdcn30ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:s41-70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:u41-70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bdcn30ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:u41-70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:s435_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bbcn15ww\\(v1.06\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:s435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:m40-35_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bbcn15ww\\(v1.06\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:m40-35:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:u31-70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "afcn30ww\\(v2.02\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:u31-70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:yoga_3_14_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "bacn33ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:yoga_3_14:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:yoga_3_11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b8cn30ww\\(v2.08\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:yoga_3_11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:y40-80_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "b5cn36ww\\(v2.02\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:y40-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:z41-70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "c2cn18ww\\(v1.04\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:z41-70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:z51-70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "c2cn18ww\\(v1.04\\)", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:z51-70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:z70-80_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "abcn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:z70-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lenovo:g70-80_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "abcn75ww", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lenovo:g70-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5686", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" }, { "lang" : "en", "value" : "CWE-1021" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://puppet.com/security/cve/CVE-2015-5686/", "name" : "https://puppet.com/security/cve/CVE-2015-5686/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://puppet.com/security/cve/CVE-2015-5686/", "name" : "https://puppet.com/security/cve/CVE-2015-5686/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "2015.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-27T01:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5694", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/07/28/11", "name" : "http://www.openwall.com/lists/oss-security/2015/07/28/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/28/11", "name" : "http://www.openwall.com/lists/oss-security/2015/07/28/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/29/6", "name" : "http://www.openwall.com/lists/oss-security/2015/07/29/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/07/29/6", "name" : "http://www.openwall.com/lists/oss-security/2015/07/29/6", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-5694", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-5694", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-5694", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-5694", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Designate does not enforce the DNS protocol limit concerning record set sizes" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openstack:designate:2015.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openstack:designate:1.0.0.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openstack:designate:1.0.0:a0:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T15:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5725", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://forum.codeigniter.com/thread-62743.html", "name" : "https://forum.codeigniter.com/thread-62743.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://forum.codeigniter.com/thread-62743.html", "name" : "https://forum.codeigniter.com/thread-62743.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23", "name" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23", "name" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bcit-ci/CodeIgniter/issues/4020", "name" : "https://github.com/bcit-ci/CodeIgniter/issues/4020", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bcit-ci/CodeIgniter/issues/4020", "name" : "https://github.com/bcit-ci/CodeIgniter/issues/4020", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.codeigniter.com/userguide2/changelog.html", "name" : "https://www.codeigniter.com/userguide2/changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.codeigniter.com/userguide2/changelog.html", "name" : "https://www.codeigniter.com/userguide2/changelog.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T16:29Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5741", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-444" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/237", "name" : "http://seclists.org/oss-sec/2015/q3/237", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/237", "name" : "http://seclists.org/oss-sec/2015/q3/237", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/292", "name" : "http://seclists.org/oss-sec/2015/q3/292", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/292", "name" : "http://seclists.org/oss-sec/2015/q3/292", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/294", "name" : "http://seclists.org/oss-sec/2015/q3/294", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2015/q3/294", "name" : "http://seclists.org/oss-sec/2015/q3/294", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f", "name" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f", "name" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-08T19:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5745", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/08/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/06/3", "name" : "http://www.openwall.com/lists/oss-security/2015/08/06/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/06/5", "name" : "http://www.openwall.com/lists/oss-security/2015/08/06/5", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/08/06/5", "name" : "http://www.openwall.com/lists/oss-security/2015/08/06/5", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", "name" : "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", "name" : "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-23T20:15Z", "lastModifiedDate" : "2024-11-21T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5760", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5762", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5852", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5881", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7760, CVE-2015-7761. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-7760 and CVE-2015-7761 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-10-09T05:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5886", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5908", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5941", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5951", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html", "name" : "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html", "name" : "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/25", "name" : "http://seclists.org/fulldisclosure/2015/Aug/25", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/25", "name" : "http://seclists.org/fulldisclosure/2015/Aug/25", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/536163/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/536163/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/536163/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/536163/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76271", "name" : "http://www.securityfocus.com/bid/76271", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/76271", "name" : "http://www.securityfocus.com/bid/76271", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/bugtraq/2015/Aug/32", "name" : "https://seclists.org/bugtraq/2015/Aug/32", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Aug/32", "name" : "https://seclists.org/bugtraq/2015/Aug/32", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thomsonreuters:fatca:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-06T21:15Z", "lastModifiedDate" : "2024-11-21T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5952", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Aug/24", "name" : "http://seclists.org/fulldisclosure/2015/Aug/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Aug/24", "name" : "http://seclists.org/fulldisclosure/2015/Aug/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thomsonreuters:fatca:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5966", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5967", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5971", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5972", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5973", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5974", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5975", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5976", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5977", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5978", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5979", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5980", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5981", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5982", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5983", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5984", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-5985", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6000", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html", "name" : "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html", "name" : "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com//archive/1/536563/100/0/threaded", "name" : "http://www.securityfocus.com//archive/1/536563/100/0/threaded", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com//archive/1/536563/100/0/threaded", "name" : "http://www.securityfocus.com//archive/1/536563/100/0/threaded", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38345/", "name" : "https://www.exploit-db.com/exploits/38345/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38345/", "name" : "https://www.exploit-db.com/exploits/38345/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-06T14:15Z", "lastModifiedDate" : "2024-11-21T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6041", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6043", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6054", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6060", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6062", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6063", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6067", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6090", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6105", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6110", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6116", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6119", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6120", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6121", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6129", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6137", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6163", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6167", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6178", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6179", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6180", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6181", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6182", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6183", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6185", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6186", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6187", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6188", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6189", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6190", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6191", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6192", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6193", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6194", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6195", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6196", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6197", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6198", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6199", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6200", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6201", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6202", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6203", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6204", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6205", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6206", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6207", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6208", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6209", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6210", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6211", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6212", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6213", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6214", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6215", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6216", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6217", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6218", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6219", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6220", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6221", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6222", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6223", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6224", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6225", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6226", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6227", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6228", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6229", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6230", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6231", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6232", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6233", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6234", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6235", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6236", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6253", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://open.edx.org/announcements/cve-2015-6253/", "name" : "https://open.edx.org/announcements/cve-2015-6253/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://open.edx.org/announcements/cve-2015-6253/", "name" : "https://open.edx.org/announcements/cve-2015-6253/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://open.edx.org/CVE-2015-6253", "name" : "https://open.edx.org/CVE-2015-6253", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://open.edx.org/CVE-2015-6253", "name" : "https://open.edx.org/CVE-2015-6253", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "edx-platform before 2015-08-17 allows XSS in the Studio listing of courses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-08-17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-07-29T16:15Z", "lastModifiedDate" : "2024-11-21T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6264", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1349. Reason: This candidate is a reservation duplicate of CVE-2016-1349. Notes: All CVE users should reference CVE-2016-1349 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-04-01T22:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6283", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6338", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6339", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6342", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6436", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6437", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6438", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6439", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6440", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6441", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6442", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6443", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6444", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6445", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6446", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6447", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6448", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6449", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6450", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6451", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6452", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6453", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6455", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6457", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6458", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6461", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-03-21T19:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6462", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-21T19:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6487", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6495", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndExcluding" : "5.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndExcluding" : "5.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndExcluding" : "5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3.0", "versionEndExcluding" : "5.3.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndExcluding" : "5.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-26T14:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6497", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", "name" : "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", "name" : "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2015-04", "name" : "http://karmainsecurity.com/KIS-2015-04", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://karmainsecurity.com/KIS-2015-04", "name" : "http://karmainsecurity.com/KIS-2015-04", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://magento.com/security/patches/supee-6482", "name" : "http://magento.com/security/patches/supee-6482", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://magento.com/security/patches/supee-6482", "name" : "http://magento.com/security/patches/supee-6482", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", "name" : "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", "name" : "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Sep/48", "name" : "http://seclists.org/fulldisclosure/2015/Sep/48", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Sep/48", "name" : "http://seclists.org/fulldisclosure/2015/Sep/48", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*", "versionEndExcluding" : "1.9.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "1.14.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.24", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.25", "versionEndExcluding" : "5.5.8", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6542", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3403. Reason: This candidate is a reservation duplicate of CVE-2016-3403. Notes: All CVE users should reference CVE-2016-3403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-12T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/p/itop/code/3662/", "name" : "http://sourceforge.net/p/itop/code/3662/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/p/itop/code/3662/", "name" : "http://sourceforge.net/p/itop/code/3662/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/p/itop/tickets/1114/", "name" : "http://sourceforge.net/p/itop/tickets/1114/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/p/itop/tickets/1114/", "name" : "http://sourceforge.net/p/itop/tickets/1114/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23268", "name" : "https://www.htbridge.com/advisory/HTB23268", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.com/advisory/HTB23268", "name" : "https://www.htbridge.com/advisory/HTB23268", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.0-2459", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-20T20:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6553", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-05T18:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6569", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" }, { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103132", "name" : "103132", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103132", "name" : "103132", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2", "name" : "https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2", "name" : "https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://github.com/floodlight/floodlight/pull/563", "name" : "https://github.com/floodlight/floodlight/pull/563", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/floodlight/floodlight/pull/563", "name" : "https://github.com/floodlight/floodlight/pull/563", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:floodlight:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-21T15:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6589", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-450", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-450", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-450", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-450", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38351/", "name" : "https://www.exploit-db.com/exploits/38351/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38351/", "name" : "https://www.exploit-db.com/exploits/38351/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/76838", "name" : "https://www.securityfocus.com/bid/76838", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/76838", "name" : "https://www.securityfocus.com/bid/76838", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0.0", "versionEndExcluding" : "9.1.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0.0", "versionEndExcluding" : "9.0.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.0.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0.0", "versionEndExcluding" : "7.0.0.33", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-13T21:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6591", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", "name" : "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", "name" : "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freereprintables:articlefr:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T19:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6593", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6593. Reason: This candidate is a duplicate of CVE-2014-6593. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6593 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-30T19:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6649", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6650", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6651", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6652", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6653", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6666", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-20T01:59Z", "lastModifiedDate" : "2023-11-07T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6815", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "name" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/04/4", "name" : "http://www.openwall.com/lists/oss-security/2015/09/04/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/04/4", "name" : "http://www.openwall.com/lists/oss-security/2015/09/04/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/05/5", "name" : "http://www.openwall.com/lists/oss-security/2015/09/05/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/09/05/5", "name" : "http://www.openwall.com/lists/oss-security/2015/09/05/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2745-1", "name" : "http://www.ubuntu.com/usn/USN-2745-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260076", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260076", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260076", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260076", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.7 }, "severity" : "LOW", "exploitabilityScore" : 5.1, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-31T22:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6865", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6866", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6868", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6869", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6870", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6871", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6872", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6873", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6874", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6875", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6876", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6877", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6878", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6879", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6880", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6881", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6882", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6883", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6884", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6885", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6886", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6887", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6888", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6889", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6890", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6891", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6892", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6893", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6894", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6895", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6896", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6897", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6898", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6899", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6900", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6901", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6902", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6903", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6904", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6905", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6906", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6907", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-01-21T15:15Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6922", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-448", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-448", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-448", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-448", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-449", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-449", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-449", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-449", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory", "name" : "https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory", "name" : "https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/38351/", "name" : "https://www.exploit-db.com/exploits/38351/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38351/", "name" : "https://www.exploit-db.com/exploits/38351/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0.0", "versionEndExcluding" : "9.1.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0.0", "versionEndExcluding" : "9.0.0.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndExcluding" : "8.0.0.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0.0", "versionEndExcluding" : "7.0.0.33", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-17T18:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6926", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.oxid-esales.com/view.php?id=6224", "name" : "https://bugs.oxid-esales.com/view.php?id=6224", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.oxid-esales.com/view.php?id=6224", "name" : "https://bugs.oxid-esales.com/view.php?id=6224", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/oxid-security-bulletin-2015-001.html", "name" : "https://oxidforge.org/en/oxid-security-bulletin-2015-001.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/oxid-security-bulletin-2015-001.html", "name" : "https://oxidforge.org/en/oxid-security-bulletin-2015-001.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.0.1.0", "versionEndIncluding" : "4.4.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "4.0.1.0", "versionEndIncluding" : "4.4.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.0.1.0", "versionEndIncluding" : "4.4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T15:29Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6935", "ASSIGNER" : "security@vmware.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6947", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6946. Reason: This issue was MERGED into CVE-2015-6946 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2015-6946 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-09-15T18:59Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6960", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://open.edx.org/announcements/cve-2015-6960/", "name" : "https://open.edx.org/announcements/cve-2015-6960/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://open.edx.org/announcements/cve-2015-6960/", "name" : "https://open.edx.org/announcements/cve-2015-6960/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "edx-platform before 2015-09-17 allows XSS via a team name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2015-09-17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-07-29T16:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6963", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6964", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-697" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "name" : "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "name" : "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:multibit:multibit_hd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2023-09-25T05:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6970", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-91" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/38369/", "name" : "https://www.exploit-db.com/exploits/38369/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38369/", "name" : "https://www.exploit-db.com/exploits/38369/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:boschsecurity:nbn-498_dinion2x_day\\/night_ip_cameras_firmware:4.54.0026:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:boschsecurity:nbn-498_dinion2x_day\\/night_ip_cameras:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T14:15Z", "lastModifiedDate" : "2024-11-21T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-6998", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7025", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7026", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7027", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7028", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7114", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7118", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7119", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7120", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7121", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7122", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7123", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7124", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7125", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7126", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7127", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7128", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7129", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7130", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7131", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7132", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7133", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7134", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7135", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7136", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7137", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7138", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7139", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7140", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7141", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7142", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7143", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7144", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7145", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7146", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7147", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7148", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7149", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7150", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7151", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7152", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7153", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7154", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7155", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7156", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7157", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7158", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7159", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7160", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7161", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7162", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7163", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7164", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7165", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7166", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7167", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7168", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7169", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7170", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7171", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7172", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7173", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7206", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7209", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7266", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://media.pixalate.com/white-papers/xindi.pdf", "name" : "http://media.pixalate.com/white-papers/xindi.pdf", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "http://media.pixalate.com/white-papers/xindi.pdf", "name" : "http://media.pixalate.com/white-papers/xindi.pdf", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iab:open_real-time_bidding:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-30T17:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7276", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/566724", "name" : "http://www.kb.cert.org/vuls/id/566724", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/566724", "name" : "http://www.kb.cert.org/vuls/id/566724", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/", "name" : "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/", "name" : "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Technicolor C2000T and C2100T uses hard-coded cryptographic keys." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:technicolor:c2000t_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:technicolor:c2000t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:technicolor:c2100t_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:technicolor:c2100t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-06T16:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7333", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.07.0008", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7334", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.07.0008", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7335", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.07.0008", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7336", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-347" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "name" : "https://support.lenovo.com/us/en/product_security/lsu_privilege", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.07.0008", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7338/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7338/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7338/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7338/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acyba:acymailing:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "4.9.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7339", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7339/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7339/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7339/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7339/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:widgetfactorylimited:jce:*:*:*:*:*:joomla\\!:*:*", "versionStartIncluding" : "2.5.0", "versionEndIncluding" : "2.5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7340", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7340/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7340/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7340/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7340/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "3.4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:3.4.0:-:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:3.4.0:rc:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:3.4.0:rc3:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:3.4.0:rc4:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gwesystems:jevents:3.4.0:rc5:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7341", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7341/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7341/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7341/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7341/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joobi:jnews:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "8.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7342", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7342/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7342/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7342/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7342/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joobi:jnews:*:*:*:*:*:joomla\\!:*:*", "versionEndExcluding" : "8.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T17:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7343", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7343/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7343/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7343/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7343/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joobi:jnews:8.3.1:*:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-03-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7344", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7344/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7344/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7344/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7344/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hikashop:hikashop:2.5.0:*:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-03-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7379", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-10-07T22:15Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7380", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-10-07T22:15Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7401", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21977425", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21977425", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21977425", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21977425", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106", "name" : "ibm-curam-cve20157401-info-disc(107106)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106", "name" : "ibm-curam-cve20157401-info-disc(107106)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.0.0", "versionEndExcluding" : "6.1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7423", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103687", "name" : "103687", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103687", "name" : "103687", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107771", "name" : "ibm-infosphere-cve20157423-xss(107771)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107771", "name" : "ibm-infosphere-cve20157423-xss(107771)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:9.1:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7424", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971542", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971542", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971542", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971542", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107780", "name" : "ibm-infosphere-cve20157424-info-disc(107780)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107780", "name" : "ibm-infosphere-cve20157424-info-disc(107780)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:9.1:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_master_data_management:11.5:*:*:*:collaborative:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7432", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107861", "name" : "ibm-cma-cve20157432-info-disc(107861)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107861", "name" : "ibm-cma-cve20157432-info-disc(107861)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:capacity_management_analytics:2.1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7433", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974556", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974556", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974556", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974556", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107862", "name" : "ibm-cma-cve20157433-info-disc(107862)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107862", "name" : "ibm-cma-cve20157433-info-disc(107862)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:capacity_management_analytics:2.1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7434", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974559", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974559", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974559", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974559", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107863", "name" : "ibm-cma-cve20157434-info-disc(107863)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107863", "name" : "ibm-cma-cve20157434-info-disc(107863)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:capacity_management_analytics:2.1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T18:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7440", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098", "name" : "ibm-jazz-cve20157440-priv-escalation(108098)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098", "name" : "ibm-jazz-cve20157440-priv-escalation(108098)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.1", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-15T22:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7449", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985143", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985143", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985143", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985143", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221", "name" : "ibm-jazz-cve20157449-info-disc(108221)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221", "name" : "ibm-jazz-cve20157449-info-disc(108221)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "6.0.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7453", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296", "name" : "ibm-jazz-cve20157453-xss(108296)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296", "name" : "ibm-jazz-cve20157453-xss(108296)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.1", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-15T22:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7458", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354", "name" : "ibm-connections-cve20157458-xss(108354)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354", "name" : "ibm-connections-cve20157458-xss(108354)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7459", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355", "name" : "ibm-connections-cve20157459-xss(108355)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355", "name" : "ibm-connections-cve20157459-xss(108355)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7460", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356", "name" : "ibm-connections-cve20157460-xss(108356)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356", "name" : "ibm-connections-cve20157460-xss(108356)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7461", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" }, { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357", "name" : "ibm-connections-cve20157461-dos(108357)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357", "name" : "ibm-connections-cve20157461-dos(108357)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T21:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7463", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973442", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973442", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973442", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973442", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108393", "name" : "ibm-bpm-cve20157463-sec-bypass(108393)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108393", "name" : "ibm-bpm-cve20157463-sec-bypass(108393)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-15T22:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7471", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982747", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429", "name" : "ibm-rtc-cve20157471-html-injection(108429)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429", "name" : "ibm-rtc-cve20157471-html-injection(108429)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.1", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-15T22:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7474", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108501", "name" : "ibm-rational-cve20157474-xss(108501)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108501", "name" : "ibm-rational-cve20157474-xss(108501)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7484", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108619", "name" : "ibm-relm-cve20157484-info-disc(108619)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108619", "name" : "ibm-relm-cve20157484-info-disc(108619)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7485", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108626", "name" : "ibm-relm-cve20157485-xss(108626)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108626", "name" : "ibm-relm-cve20157485-xss(108626)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7486", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983720", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108633", "name" : "ibm-relm-cve20157486-xss(108633)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108633", "name" : "ibm-relm-cve20157486-xss(108633)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.0.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-16T19:29Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7505", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Dec/70", "name" : "http://seclists.org/fulldisclosure/2015/Dec/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Dec/70", "name" : "http://seclists.org/fulldisclosure/2015/Dec/70", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537128/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537128/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537128/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537128/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsurf-browser:libnsgif:0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-18T18:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7506", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Dec/70", "name" : "http://seclists.org/fulldisclosure/2015/Dec/70", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Dec/70", "name" : "http://seclists.org/fulldisclosure/2015/Dec/70", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsurf-browser:libnsgif:0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-18T14:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7507", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Dec/73", "name" : "http://seclists.org/fulldisclosure/2015/Dec/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Dec/73", "name" : "http://seclists.org/fulldisclosure/2015/Dec/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsurf-browser:libnsbmp:0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T19:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7508", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Dec/73", "name" : "http://seclists.org/fulldisclosure/2015/Dec/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Dec/73", "name" : "http://seclists.org/fulldisclosure/2015/Dec/73", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsurf-browser:libnsbmp:0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-12T03:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7522", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7523", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7524", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7525", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7526", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7530", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7531", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7532", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7533", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7534", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7535", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7542", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html", "name" : "http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html", "name" : "http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272503", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272503", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272503", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272503", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aquamaniac:gwenhywfar:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-03T23:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7556", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2015/Dec/123", "name" : "http://seclists.org/fulldisclosure/2015/Dec/123", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Dec/123", "name" : "http://seclists.org/fulldisclosure/2015/Dec/123", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=159", "name" : "http://www.vapidlabs.com/advisory.php?v=159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=159", "name" : "http://www.vapidlabs.com/advisory.php?v=159", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:delegate:delegate:9.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T15:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7559", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/AMQ-6470", "name" : "https://issues.apache.org/jira/browse/AMQ-6470", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://issues.apache.org/jira/browse/AMQ-6470", "name" : "https://issues.apache.org/jira/browse/AMQ-6470", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.14.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.15.0", "versionEndExcluding" : "5.15.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_a-mq:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_a-mq:6.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-01T14:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7567", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html", "name" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html", "name" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2016/Feb/44", "name" : "http://seclists.org/fulldisclosure/2016/Feb/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2016/Feb/44", "name" : "http://seclists.org/fulldisclosure/2016/Feb/44", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537493/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537493/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537493/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537493/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39436/", "name" : "https://www.exploit-db.com/exploits/39436/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39436/", "name" : "https://www.exploit-db.com/exploits/39436/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the \"passwordreset&token\" parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-18T18:15Z", "lastModifiedDate" : "2024-11-21T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7572", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0237. Reason: This candidate is a duplicate of CVE-2013-0237. Notes: All CVE users should reference CVE-2013-0237 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-04-24T18:59Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7573", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7574", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7582", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2100. Reason: This candidate is a reservation duplicate of CVE-2016-2100. Notes: All CVE users should reference CVE-2016-2100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-06-27T20:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7583", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7584", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7585", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7586", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7587", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7588", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7589", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7590", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7591", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7592", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7593", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7594", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7595", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7596", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_end_user_software_tools_for_windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7597", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_iis_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7598", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_tokenvalidator_proxy_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7609", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101435", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101435", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101435", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101435", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101436", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101436", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101436", "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=101436", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-15-080", "name" : "https://www.fortiguard.com/zeroday/FG-VD-15-080", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-15-080", "name" : "https://www.fortiguard.com/zeroday/FG-VD-15-080", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-15-081", "name" : "https://www.fortiguard.com/zeroday/FG-VD-15-081", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-15-081", "name" : "https://www.fortiguard.com/zeroday/FG-VD-15-081", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-30T20:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7610", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/", "name" : "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/", "name" : "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/", "name" : "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/", "name" : "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Security_Center", "name" : "https://wiki.zimbra.com/wiki/Security_Center", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.7.0", "versionEndIncluding" : "8.7.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "8.8.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-30T21:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7646", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7681", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2016-02-10T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7731", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/bugtraq/2015/Aug/39", "name" : "https://seclists.org/bugtraq/2015/Aug/39", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2015/Aug/39", "name" : "https://seclists.org/bugtraq/2015/Aug/39", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery", "name" : "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery", "name" : "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:mobile_platform:3.0:05:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-08-09T19:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7747", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/06/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/06/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/06/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/06/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2787-1", "name" : "http://www.ubuntu.com/usn/USN-2787-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-2787-1", "name" : "http://www.ubuntu.com/usn/USN-2787-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721", "name" : "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721", "name" : "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch", "name" : "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch", "name" : "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/10/08/1", "name" : "https://www.openwall.com/lists/oss-security/2015/10/08/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/10/08/1", "name" : "https://www.openwall.com/lists/oss-security/2015/10/08/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:audio_file_library_project:audio_file_library:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T21:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7757", "ASSIGNER" : "sirt@juniper.net" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7779", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7800", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7810", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-367" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/12/7", "name" : "http://www.openwall.com/lists/oss-security/2015/10/12/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/12/7", "name" : "http://www.openwall.com/lists/oss-security/2015/10/12/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/72769", "name" : "http://www.securityfocus.com/bid/72769", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/72769", "name" : "http://www.securityfocus.com/bid/72769", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2015-7810", "name" : "https://access.redhat.com/security/cve/cve-2015-7810", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2015-7810", "name" : "https://access.redhat.com/security/cve/cve-2015-7810", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-7810", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-7810", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-7810", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-7810", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videolan:libbluray:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T15:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7831", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v", "name" : "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndExcluding" : "5.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-26T14:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7848", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/77275", "name" : "77275", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/77275", "name" : "77275", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securitytracker.com/id/1033951", "name" : "1033951", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securitytracker.com/id/1033951", "name" : "1033951", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.talosintelligence.com/reports/TALOS-2015-0052/", "name" : "http://www.talosintelligence.com/reports/TALOS-2015-0052/", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.talosintelligence.com/reports/TALOS-2015-0052/", "name" : "http://www.talosintelligence.com/reports/TALOS-2015-0052/", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201607-15", "name" : "GLSA-201607-15", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201607-15", "name" : "GLSA-201607-15", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20171004-0001/", "name" : "https://security.netapp.com/advisory/ntap-20171004-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20171004-0001/", "name" : "https://security.netapp.com/advisory/ntap-20171004-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:data_ontap_operating_in_7-mode:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.3.0", "versionEndExcluding" : "4.3.77", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.2.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2017-01-06T21:59Z", "lastModifiedDate" : "2025-05-23T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7851", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.ntp.org/bin/view/Main/NtpBug2918", "name" : "http://support.ntp.org/bin/view/Main/NtpBug2918", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.ntp.org/bin/view/Main/NtpBug2918", "name" : "http://support.ntp.org/bin/view/Main/NtpBug2918", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice", "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice", "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://www.talosintel.com/reports/TALOS-2015-0062/", "name" : "http://www.talosintel.com/reports/TALOS-2015-0062/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.talosintel.com/reports/TALOS-2015-0062/", "name" : "http://www.talosintel.com/reports/TALOS-2015-0062/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.3.0", "versionEndExcluding" : "4.3.77", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.2.0", "versionEndExcluding" : "4.2.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T17:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7874", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/39119/", "name" : "https://www.exploit-db.com/exploits/39119/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39119/", "name" : "https://www.exploit-db.com/exploits/39119/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:portapps:kitty_portable:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.65.0.2p", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7882", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jira.mongodb.org/browse/SERVER-20691", "name" : "https://jira.mongodb.org/browse/SERVER-20691", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://jira.mongodb.org/browse/SERVER-20691", "name" : "https://jira.mongodb.org/browse/SERVER-20691", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mongodb:mongodb:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndIncluding" : "3.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-19T16:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7890", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://code.google.com/p/google-security-research/issues/detail?id=491", "name" : "https://code.google.com/p/google-security-research/issues/detail?id=491", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://code.google.com/p/google-security-research/issues/detail?id=491", "name" : "https://code.google.com/p/google-security-research/issues/detail?id=491", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/38556/", "name" : "https://www.exploit-db.com/exploits/38556/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38556/", "name" : "https://www.exploit-db.com/exploits/38556/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T15:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7892", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.html", "name" : "http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://code.google.com/p/google-security-research/issues/detail?id=493", "name" : "https://code.google.com/p/google-security-research/issues/detail?id=493", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://code.google.com/p/google-security-research/issues/detail?id=493", "name" : "https://code.google.com/p/google-security-research/issues/detail?id=493", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/38555/", "name" : "https://www.exploit-db.com/exploits/38555/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38555/", "name" : "https://www.exploit-db.com/exploits/38555/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samsung:m2m1shot_driver:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-09T20:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7920", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7922", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7946", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/bugs/1525981", "name" : "https://launchpad.net/bugs/1525981", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1525981", "name" : "https://launchpad.net/bugs/1525981", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ubports:unity8:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-05-07T23:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7947", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7948", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7949", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7950", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7951", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7952", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7953", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7954", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7955", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7956", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-06T02:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7957", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-06T02:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7958", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-06T02:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7959", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-06T02:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7960", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-06T02:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7961", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_remote_web_workplace_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7962", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_for_outlook_web_app_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7963", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_for_ad_fs_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7964", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_for_nps_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7965", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_windows_logon_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7966", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_windows_logon_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7967", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://safenet.gemalto.com/technical-support/security-updates/", "name" : "https://safenet.gemalto.com/technical-support/security-updates/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gemalto:safenet_authentication_service_for_citrix_web_interface_agent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T22:29Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-7968", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2015-7968/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7968/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2015-7968/", "name" : "https://labs.integrity.pt/advisories/cve-2015-7968/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:netweaver_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2183189", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-09T14:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8011", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/16/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/16/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/16/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/16/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2", "name" : "https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2", "name" : "https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html", "name" : "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html", "name" : "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/", "name" : "FEDORA-2021-fba11d37ee", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/", "name" : "FEDORA-2021-fba11d37ee", "refsource" : "", "tags" : [ ] }, { "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "refsource" : "", "tags" : [ ] }, { "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2021/dsa-4836", "name" : "DSA-4836", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2021/dsa-4836", "name" : "DSA-4836", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.5.6", "versionEndExcluding" : "0.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T19:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8012", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-617" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2015/10/18/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/18/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/18/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/18/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "name" : "http://www.openwall.com/lists/oss-security/2015/10/30/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00", "name" : "https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00", "name" : "https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0", "name" : "https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0", "name" : "https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-28T19:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8031", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/advisories/GHSA-j3h2-8mf8-j5r2", "name" : "https://github.com/advisories/GHSA-j3h2-8mf8-j5r2", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/advisories/GHSA-j3h2-8mf8-j5r2", "name" : "https://github.com/advisories/GHSA-j3h2-8mf8-j5r2", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221", "name" : "https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221", "name" : "https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031", "name" : "https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031", "name" : "https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:hudson:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2022-07-18T21:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8032", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "name" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "name" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/commit/950d9e0e4ee46efa41e791eac6cd55d2f558c3c9", "name" : "https://github.com/textpattern/textpattern/commit/950d9e0e4ee46efa41e791eac6cd55d2f558c3c9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/commit/950d9e0e4ee46efa41e791eac6cd55d2f558c3c9", "name" : "https://github.com/textpattern/textpattern/commit/950d9e0e4ee46efa41e791eac6cd55d2f558c3c9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Textpattern 4.5.7, an unprivileged author can change an article's markup setting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:textpattern:textpattern:4.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-08-14T19:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8033", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-521" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "name" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "name" : "https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/commit/1c09094187b9aeb18f09697bc7d1db12d078ae10", "name" : "https://github.com/textpattern/textpattern/commit/1c09094187b9aeb18f09697bc7d1db12d078ae10", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/textpattern/textpattern/commit/1c09094187b9aeb18f09697bc7d1db12d078ae10", "name" : "https://github.com/textpattern/textpattern/commit/1c09094187b9aeb18f09697bc7d1db12d078ae10", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:textpattern:textpattern:4.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-08-14T19:15Z", "lastModifiedDate" : "2024-11-21T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8054", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8075", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-06T11:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8091", "ASSIGNER" : "security@tibco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8094", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html", "name" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html", "name" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cloudera/hue/pull/346", "name" : "https://github.com/cloudera/hue/pull/346", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cloudera/hue/pull/346", "name" : "https://github.com/cloudera/hue/pull/346", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://issues.cloudera.org/browse/HUE-3626", "name" : "https://issues.cloudera.org/browse/HUE-3626", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://issues.cloudera.org/browse/HUE-3626", "name" : "https://issues.cloudera.org/browse/HUE-3626", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://www.harmfultrust.com/p/advisories.html", "name" : "https://www.harmfultrust.com/p/advisories.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.harmfultrust.com/p/advisories.html", "name" : "https://www.harmfultrust.com/p/advisories.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.10.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-22T18:29Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8114", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8115", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8116", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8117", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8118", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8119", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8120", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8121", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8122", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8123", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8132", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7263. Reason: This candidate is a reservation duplicate of CVE-2015-7263. Notes: All CVE users should reference CVE-2015-7263 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-25T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8133", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7264. Reason: This candidate is a reservation duplicate of CVE-2015-7264. Notes: All CVE users should reference CVE-2015-7264 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-25T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8134", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-25T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8135", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7265. Reason: This candidate is a reservation duplicate of CVE-2015-7265. Notes: All CVE users should reference CVE-2015-7265 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-25T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8146", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8146. Reason: This candidate is a duplicate of CVE-2014-8146. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8146 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-19T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8147", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8147. Reason: This candidate is a duplicate of CVE-2014-8147. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8147 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-05-19T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8155", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8176", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8176. Reason: This candidate is a duplicate of CVE-2014-8176. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-07-13T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8177", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8178", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8179", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8180", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8181", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8182", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8183", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8184", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8185", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8186", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8187", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8188", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8189", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8190", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8191", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8192", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8193", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8194", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8195", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8196", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8197", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8198", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8199", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8200", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8201", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8202", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8203", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8204", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8205", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8206", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8207", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8208", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8209", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8210", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8211", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8248", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8290", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8291", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8292", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8293", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8294", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8295", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8296", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8297", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134525/RXTEC-RXAdmin-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/134525/RXTEC-RXAdmin-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134525/RXTEC-RXAdmin-SQL-Injection.html", "name" : "http://packetstormsecurity.com/files/134525/RXTEC-RXAdmin-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/90", "name" : "20151124 : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/90", "name" : "20151124 : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/sbaresearch/advisories/tree/public/2015/RXTEC_20150513", "name" : "https://github.com/sbaresearch/advisories/tree/public/2015/RXTEC_20150513", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/sbaresearch/advisories/tree/public/2015/RXTEC_20150513", "name" : "https://github.com/sbaresearch/advisories/tree/public/2015/RXTEC_20150513", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxtec:rxadmin:2012:06:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-24T19:29Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8313", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2015/dsa-3408", "name" : "http://www.debian.org/security/2015/dsa-3408", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2015/dsa-3408", "name" : "http://www.debian.org/security/2015/dsa-3408", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/537012/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/537012/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/archive/1/537012/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/537012/100/0/threaded", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/78327", "name" : "http://www.securityfocus.com/bid/78327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/78327", "name" : "http://www.securityfocus.com/bid/78327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html", "name" : "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html", "name" : "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-8313", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-8313", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2015-8313", "name" : "https://security-tracker.debian.org/tracker/CVE-2015-8313", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GnuTLS incorrectly validates the first byte of padding in CBC modes" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndIncluding" : "2.12.24", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-20T14:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8314", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-312" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/advisories/GHSA-746g-3gfp-hfhw", "name" : "https://github.com/advisories/GHSA-746g-3gfp-hfhw", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/advisories/GHSA-746g-3gfp-hfhw", "name" : "https://github.com/advisories/GHSA-746g-3gfp-hfhw", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24", "name" : "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24", "name" : "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://rubysec.com/advisories/CVE-2015-8314/", "name" : "https://rubysec.com/advisories/CVE-2015-8314/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://rubysec.com/advisories/CVE-2015-8314/", "name" : "https://rubysec.com/advisories/CVE-2015-8314/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:heartcombo:devise:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "3.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-12-12T17:15Z", "lastModifiedDate" : "2025-05-27T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8342", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-11-25T16:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8366", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "name" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "name" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/108", "name" : "http://seclists.org/fulldisclosure/2015/Nov/108", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/108", "name" : "http://seclists.org/fulldisclosure/2015/Nov/108", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.libraw.org/news/libraw-0-17-1", "name" : "http://www.libraw.org/news/libraw-0-17-1", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.libraw.org/news/libraw-0-17-1", "name" : "http://www.libraw.org/news/libraw-0-17-1", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.17.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8367", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-665" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "name" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "name" : "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/108", "name" : "http://seclists.org/fulldisclosure/2015/Nov/108", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2015/Nov/108", "name" : "http://seclists.org/fulldisclosure/2015/Nov/108", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.libraw.org/news/libraw-0-17-1", "name" : "http://www.libraw.org/news/libraw-0-17-1", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.libraw.org/news/libraw-0-17-1", "name" : "http://www.libraw.org/news/libraw-0-17-1", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.17.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8371", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-345" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html", "name" : "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html", "name" : "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/composer/composer", "name" : "https://github.com/composer/composer", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/composer/composer", "name" : "https://github.com/composer/composer", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml", "name" : "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml", "name" : "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml", "name" : "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml", "name" : "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:1.0.0:alpha9:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-09-21T06:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8490", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8491", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8492", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8493", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8494", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8495", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8496", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8497", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8498", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8499", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8500", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8501", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8502", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8513", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8514", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8515", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8516", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8517", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8525", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8526", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8527", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8528", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8532", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8533", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8534", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:solution_center:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.002", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8535", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:solution_center:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.002", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8536", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.lenovo.com/us/en/product_security/len_4326", "name" : "https://support.lenovo.com/us/en/product_security/len_4326", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lenovo:solution_center:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.002", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-03-27T15:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8546", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.samsungmobile.com/securityUpdate.smsb", "name" : "https://security.samsungmobile.com/securityUpdate.smsb", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.samsungmobile.com/securityUpdate.smsb", "name" : "https://security.samsungmobile.com/securityUpdate.smsb", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_note5:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_s6_edge\\+:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-04-10T19:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8549", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ocert.org/advisories/ocert-2015-011.html", "name" : "http://www.ocert.org/advisories/ocert-2015-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ocert.org/advisories/ocert-2015-011.html", "name" : "http://www.ocert.org/advisories/ocert-2015-011.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", "name" : "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/hydralabs/pyamf/pull/58", "name" : "https://github.com/hydralabs/pyamf/pull/58", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydralabs/pyamf/pull/58", "name" : "https://github.com/hydralabs/pyamf/pull/58", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", "name" : "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", "name" : "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pyamf:pyamf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-15T15:15Z", "lastModifiedDate" : "2024-11-21T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8573", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8574", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8576", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8581", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0779. Reason: This candidate is a duplicate of CVE-2016-0779. Notes: All CVE users should reference CVE-2016-0779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2015-12-16T21:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8582", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8583", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8584", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8585", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8586", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8587", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8588", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8589", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8590", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8591", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-03-16T15:59Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8637", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8674", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8751", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2016/01/07/10", "name" : "http://www.openwall.com/lists/oss-security/2016/01/07/10", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/01/07/10", "name" : "http://www.openwall.com/lists/oss-security/2016/01/07/10", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/01/08/2", "name" : "http://www.openwall.com/lists/oss-security/2016/01/08/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/01/08/2", "name" : "http://www.openwall.com/lists/oss-security/2016/01/08/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/01/11/3", "name" : "http://www.openwall.com/lists/oss-security/2016/01/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/01/11/3", "name" : "http://www.openwall.com/lists/oss-security/2016/01/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/80035", "name" : "80035", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/80035", "name" : "80035", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1294039", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1294039", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1294039", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1294039", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/re28d4c3c5b77138de47bf5b2ad04886d9104eb74ae3594e5f7254318%40%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20210805 [Bug 65482] New: Jasper jar contains CVE-2015-8751 vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/re28d4c3c5b77138de47bf5b2ad04886d9104eb74ae3594e5f7254318%40%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20210805 [Bug 65482] New: Jasper jar contains CVE-2015-8751 vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf15130c7b5f703664ce57a97934ffb8cc6065cbb1bf678dca8651519%40%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20210805 [Bug 65482] Jasper jar contains CVE-2015-8751 vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf15130c7b5f703664ce57a97934ffb8cc6065cbb1bf678dca8651519%40%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20210805 [Bug 65482] Jasper jar contains CVE-2015-8751 vulnerability", "refsource" : "", "tags" : [ "Mailing List", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.900.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-17T22:15Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8752", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8802", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8819", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-07-08T18:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8824", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8825", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8826", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8827", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8828", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8829", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8851", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-331" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2016/04/13/8", "name" : "http://www.openwall.com/lists/oss-security/2016/04/13/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2016/04/13/8", "name" : "http://www.openwall.com/lists/oss-security/2016/04/13/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "name" : "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "name" : "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://nodesecurity.io/advisories/93", "name" : "https://nodesecurity.io/advisories/93", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/93", "name" : "https://nodesecurity.io/advisories/93", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:node-uuid_project:node-uuid:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "1.4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-30T21:15Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8904", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8905", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8906", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8907", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8908", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8909", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8910", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8911", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8912", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8913", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-8980", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html", "name" : "openSUSE-SU-2017:0372", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html", "name" : "openSUSE-SU-2017:0372", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2016/Aug/76", "name" : "[Full Disclosure] 20160815 php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2016/Aug/76", "name" : "[Full Disclosure] 20160815 php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/4", "name" : "[oss-security] 20170118 Re: CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/4", "name" : "[oss-security] 20170118 Re: CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/95754", "name" : "95754", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/95754", "name" : "95754", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367462", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367462", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367462", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367462", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/php-gettext/trunk/1.0.12", "name" : "https://launchpad.net/php-gettext/trunk/1.0.12", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/php-gettext/trunk/1.0.12", "name" : "https://launchpad.net/php-gettext/trunk/1.0.12", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://lwn.net/Alerts/708838/", "name" : "https://lwn.net/Alerts/708838/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lwn.net/Alerts/708838/", "name" : "https://lwn.net/Alerts/708838/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php-gettext_project:php-gettext:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-04T21:15Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9008", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9009", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9010", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9011", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9012", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9013", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9014", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9015", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98874", "name" : "98874", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038623", "name" : "1038623", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-06-01", "name" : "https://source.android.com/security/bulletin/2017-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9016", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" }, { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "name" : "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "name" : "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4187", "name" : "DSA-4187", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4187", "name" : "DSA-4187", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T18:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9074", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9075", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9076", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9077", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9078", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9079", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9080", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9081", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9082", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9083", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9084", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9085", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9086", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9087", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9088", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9089", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9090", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9091", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9092", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9093", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9094", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9095", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9108", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9109", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9110", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_get_secure_state syscall." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9111", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9112", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A, lack of input validation in QSEE can cause potential buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9113", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, untrusted pointer dereference in QSEE Syscall without proper validation can lead to access of blacklisted memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9114", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_query_counter syscall could lead to untrusted pointer dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9115", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_prng_getdata syscall." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9116", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9117", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9118", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, in ADSP's QDI Root-PD driver, untrusted arguments from User PD may cause integer overflow resulting in buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9119", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, sensitive information may be returned to the QMI client as a response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9120", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-388" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, detection of Error Condition Without Action in Core." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9121", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9122", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, possible buffer overflow if SIM card sends a response greater than 64KB of data for stream APDU command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9123", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, code to zeroize AES key could be compiled out by compiler which could potentially result in information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9124", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9125", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9126", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, possible buffer overflow when processing 1X circuit service message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9127", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, and SD 810, possible null pointer dereference occurs due to failure of memory allocation when a large value is passed for buffer allocation in the Playready App." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9128", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, lack of validation of the buffer size could lead to a buffer overread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9129", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if the size parameter passed to TZ_PR_CMD_CONTENT_SET_PROP is small, an integer underflow occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9130", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, in a PlayReady function, a NULL pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9131", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9132", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, possible arbitrary memory read due to untrusted pointer dereference when handling HLOS controlled values passed to the QSEE syscall helper." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9133", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 617, SD 650/52, SD 800, and SD 810, if Widevine App TZ_WV_CMD_DECRYPT_VIDEO is called with a size too large, an integer overflow may occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9134", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, and SD 810, while processing QSEE Syscall 'qsee_macc_gen_ecc_privkey', untrusted pointer dereference occurs, which could result in arbitrary write." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9135", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in a QTEE syscall handler, an untrusted pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9136", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in pre-auth request, Host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if FT IEs sent by the supplicant are larger than the expected value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9137", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-19" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, several EFS2 DIAG command handlers are not calling fs_diag_access_check()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9138", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, when an RSA encryption operation is called, the ce_util_to_unsigned_bin is invoked to convert the input buffer to unsigned binary. The ce_util_to_unsigned_bin function, instead of operating on the size of the unsigned character buffer that is passed, operates on the address - i.e. operates on \"c\" instead of \"*c\". Decrementing the address to check if it is less than zero means that the operation will always pass, since a pointer will never be less than zero, and may result in a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9139", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SD 820, improper input validation can occur while negotiating an SSL handshake." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9140", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, unauthorized memory access possible in online memory dump feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9141", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9142", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-118" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9143", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, and SDX20, when reading CDT from eMMC with a very large meta offset (>size of default CDT-array compiled in bootloader) for one of the CDBs, a buffer overflow occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9144", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, while processing scheduling message information, a buffer overflow can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9145", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9146", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9147", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9148", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9149", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9150", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9151", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9152", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 800, SD 810, SD 820, SD 820A, SD 835, and Snapdragon_High_Med_2016, modem owned regions are accessible from secure side." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9153", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DRM function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9154", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9155", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9156", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier Downlink Data call in a multicell environment, a buffer overflow may occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9157", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9158", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9159", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9160", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very large." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9161", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, TOCTOU condition could lead to a buffer overflow in function playready_reader_bind()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9162", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in the function \"Certificate_CreateWithBuffer\" in the QSEE app TQS, in case of memory allocation failure, we free the memory and return the pointer without setting it to NULL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9163", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9164", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, a buffer overread in Playready may occur due to lack of input validation of the buffer size provided by HLOS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9165", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-415" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9166", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-19" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9167", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer underflow can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9168", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9169", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, buffer over-read in QSEE app may cause confidential information to be leaked." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9170", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect offset check in wv_dash_core_refresh_keys() may lead to a buffer overread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9171", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if OEMCrypto_Dash_InstallEncapKeybox() is called with keyBoxLength set to a value higher than TZ_WV_MAX_DATA_LEN (20k), a buffer over-read occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9172", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a WideVine API function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9173", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, missing of return value check in memscpy can cause memory corruption in TQS App." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9174", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9175", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation could lead to an untrusted pointer dereference in wv_dash_core_generic_verify()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9176", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, Input_address is registered as a shared buffer and is not properly checked before use in OEMCrypto_Generic_Sign(). This allows addresses to be accessed that reside in secure/CP memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9177", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a crypto API function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9178", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the rmp secure command, memory corruption may result if the response buffer is smaller than the expected size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9179", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8974_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8974:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9180", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9181", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9182", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in OEMCrypto_GenerateSignature() can cause buffer over read." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9183", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in TQS QSEE application, while parsing \"Set Certificates\" command an integer overflow may result in buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9184", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, lack of length checking in wv_dash_core_load_keys_v8() could lead to a buffer overflow vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9185", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in multiple Secure DEMUX functions (e.g., SDMX_open_session, SDMX_close_session, SDMX_set_session_cfg), when parameter validation fails, an error code is written into a response buffer, without checking that response buffer length (rsplen) passed from HLOS is large enough to hold the response. If the buffer is at the end of a non-secure page followed by secured memory page, this can cause a secure memory corruption." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9186", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady API function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9187", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of buffer length validation in pvr_cmd_handler leads to unauthorized access to secure memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9188", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in Secure DEMUX command handler, when parameter validation fails, an error code is written into a response buffer without checking that response buffer length, passed from HLOS, which may result in memory corruption." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9189", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, processing of TZ application command in tz_app_cmd_handler function could lead to potential content disclosure of secure memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9190", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, if start_addr + size is too large in boot_clobber_check_local_address_range(), an integer overflow occurs, resulting in clobber protection check being bypassed and SBL memory corruption." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9191", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, an untrusted pointer dereference can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9192", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, out of bounds memory access vulnerability may occur in the content protection manager due to improper validation of incoming messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9193", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, improper input validation could cause a memory overread and cause the app to crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9194", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9195", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, HLOS can cause a buffer overflow to occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9196", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9197", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, when enabling XPUs for SMEM partitions, if configuration values are out of range, memory access outside the SMEM may occur and set incorrect XPU configurations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9198", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer underflow vulnerability in function qsee_register_log_buff may lead to arbitrary writing of secure memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9199", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, and SD 820A, A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer, so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it's checked and when it's used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9200", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, and SD 835, in some TrustZone API functions, untrusted pointers can be dereferenced." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9201", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, integer overflow in tzbsp can lead to privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9202", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the content headers in the Playready module, a buffer overread may occur if the header count exceeds the expected value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9203", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_set_domainid could lead to a buffer overread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9204", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, if cchFriendlyName is greater than TZ_PR_MAX_NAME_LEN in function playready_leavedomain_generate_challenge(), a buffer overread occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9205", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, in a PlayReady API function, a buffer over-read can occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9206", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9207", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of input validation in playready_getadditional_responsedata could lead to a buffer overread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9208", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9209", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, there is improper access control in a file storage API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9210", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_licacq_process_response() can lead to memory over read." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9211", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while provising the Playready module, a buffer overread may occur if the message passed is large." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9212", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, lack of input validation while processing TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9213", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-17" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9214", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9215", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, and SD 810, improper input validation can cause a null pointer dereference in USB bootloader find_ep() function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9216", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, improper handling of simultaneous interrupt in USB module during USB RESET and EP COMPLETE." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9217", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9218", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-388" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, when processing bad HEVC clips, the DPB fills, and with no error handling for DPB being full, a hang occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9219", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, an integer overflow to buffer overflow can occur in a DRM API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9220", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, and SDX20, integer overflow occurs when the size of the firmware section is incorrectly encoded in the firmware image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9378_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9378:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9558_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9558:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9880:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9886:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9221", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9222", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/39739/", "name" : "39739", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39739/", "name" : "39739", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9223", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9224", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9225", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9235", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-327" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", "name" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", "name" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", "name" : "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", "name" : "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/17", "name" : "https://nodesecurity.io/advisories/17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/17", "name" : "https://nodesecurity.io/advisories/17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", "name" : "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", "name" : "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "4.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9236", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hapijs/hapi/issues/2840", "name" : "https://github.com/hapijs/hapi/issues/2840", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/hapi/issues/2840", "name" : "https://github.com/hapijs/hapi/issues/2840", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/hapi/issues/2850", "name" : "https://github.com/hapijs/hapi/issues/2850", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/hapi/issues/2850", "name" : "https://github.com/hapijs/hapi/issues/2850", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/45", "name" : "https://nodesecurity.io/advisories/45", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/45", "name" : "https://nodesecurity.io/advisories/45", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hapijs:hapi:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "11.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9238", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-134" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/vdemedes/secure-compare/pull/1", "name" : "https://github.com/vdemedes/secure-compare/pull/1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/vdemedes/secure-compare/pull/1", "name" : "https://github.com/vdemedes/secure-compare/pull/1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/50", "name" : "https://nodesecurity.io/advisories/50", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/50", "name" : "https://nodesecurity.io/advisories/50", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:secure-compare_project:secure-compare:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "3.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9239", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nodesecurity.io/advisories/51", "name" : "https://nodesecurity.io/advisories/51", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/51", "name" : "https://nodesecurity.io/advisories/51", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ansi2html_project:ansi2html:0.0.1:*:*:*:*:node.js:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-31T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9240", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nodesecurity.io/advisories/60", "name" : "https://nodesecurity.io/advisories/60", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/60", "name" : "https://nodesecurity.io/advisories/60", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "0.3.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9241", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580", "name" : "https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580", "name" : "https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "name" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "name" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/63", "name" : "https://nodesecurity.io/advisories/63", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/63", "name" : "https://nodesecurity.io/advisories/63", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hapijs:hapi:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "11.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9242", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640", "name" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640", "name" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "name" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "name" : "https://github.com/jfhbrook/node-ecstatic/pull/179", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/64", "name" : "https://nodesecurity.io/advisories/64", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/64", "name" : "https://nodesecurity.io/advisories/64", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecstatic_project:ecstatic:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "1.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9243", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hapijs/hapi/issues/2980", "name" : "https://github.com/hapijs/hapi/issues/2980", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/hapijs/hapi/issues/2980", "name" : "https://github.com/hapijs/hapi/issues/2980", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/65", "name" : "https://nodesecurity.io/advisories/65", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/65", "name" : "https://nodesecurity.io/advisories/65", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hapijs:hapi:*:*:*:*:*:node.js:*:*", "versionEndExcluding" : "11.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9244", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/felixge/node-mysql/issues/342", "name" : "https://github.com/felixge/node-mysql/issues/342", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/felixge/node-mysql/issues/342", "name" : "https://github.com/felixge/node-mysql/issues/342", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/66", "name" : "https://nodesecurity.io/advisories/66", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/66", "name" : "https://nodesecurity.io/advisories/66", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:*:*:*:*:*:node.js:*:*", "versionEndIncluding" : "0.9.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:alpha:*:*:*:node.js:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:alpha2:*:*:*:node.js:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:alpha3:*:*:*:node.js:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:alpha4:*:*:*:node.js:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:alpha7:*:*:*:node.js:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysqljs:mysql:2.0.0:preview:*:*:*:node.js:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-29T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9246", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skyboxsecurity:skybox_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5.201", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T22:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9247", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skyboxsecurity:skybox_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5.401", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T22:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9248", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skyboxsecurity:skybox_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5.201", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T22:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9249", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skyboxsecurity:skybox_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5.201", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T22:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9250", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skyboxsecurity:skybox_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5.201", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T22:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9251", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", "name" : "openSUSE-SU-2020:0395", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", "name" : "openSUSE-SU-2020:0395", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name" : "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "name" : "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name" : "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "name" : "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "name" : "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "name" : "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/10", "name" : "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/10", "name" : "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/11", "name" : "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/11", "name" : "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/13", "name" : "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2019/May/13", "name" : "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/105658", "name" : "105658", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/105658", "name" : "105658", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2020:0481", "name" : "RHSA-2020:0481", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2020:0481", "name" : "RHSA-2020:0481", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2020:0729", "name" : "RHSA-2020:0729", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2020:0729", "name" : "RHSA-2020:0729", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "name" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/issues/2432", "name" : "https://github.com/jquery/jquery/issues/2432", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/issues/2432", "name" : "https://github.com/jquery/jquery/issues/2432", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/pull/2588", "name" : "https://github.com/jquery/jquery/pull/2588", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/pull/2588", "name" : "https://github.com/jquery/jquery/pull/2588", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "name" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "refsource" : "", "tags" : [ ] }, { "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", "name" : "[flink-dev] 20190811 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", "name" : "[flink-dev] 20190811 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190813 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190813 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190811 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", "name" : "[flink-user] 20190811 Apache flink 1.7.2 security issues", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "name" : "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "name" : "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name" : "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name" : "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://seclists.org/bugtraq/2019/May/18", "name" : "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://seclists.org/bugtraq/2019/May/18", "name" : "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20210108-0004/", "name" : "https://security.netapp.com/advisory/ntap-20210108-0004/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20210108-0004/", "name" : "https://security.netapp.com/advisory/ntap-20210108-0004/", "refsource" : "", "tags" : [ ] }, { "url" : "https://snyk.io/vuln/npm:jquery:20150627", "name" : "https://snyk.io/vuln/npm:jquery:20150627", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/npm:jquery:20150627", "name" : "https://snyk.io/vuln/npm:jquery:20150627", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "name" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2020.html", "name" : "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2020.html", "name" : "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenable.com/security/tns-2019-08", "name" : "https://www.tenable.com/security/tns-2019-08", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenable.com/security/tns-2019-08", "name" : "https://www.tenable.com/security/tns-2019-08", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.1", "versionEndIncluding" : "17.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.1.0.4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.0.0.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.3.0.1", "versionEndIncluding" : "4.3.0.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.4", "versionEndIncluding" : "8.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.2", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.2", "versionEndIncluding" : "8.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.4", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.4", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.5", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.4", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.3.3", "versionEndIncluding" : "7.3.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-18T23:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9252", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e", "name" : "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e", "name" : "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/qpdf/qpdf/issues/51", "name" : "https://github.com/qpdf/qpdf/issues/51", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/qpdf/qpdf/issues/51", "name" : "https://github.com/qpdf/qpdf/issues/51", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3638-1/", "name" : "USN-3638-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3638-1/", "name" : "USN-3638-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qpdf_project:qpdf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-13T19:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9253", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.php.net/bug.php?id=70185", "name" : "https://bugs.php.net/bug.php?id=70185", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=70185", "name" : "https://bugs.php.net/bug.php?id=70185", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287", "name" : "https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287", "name" : "https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=75968", "name" : "https://bugs.php.net/bug.php?id=75968", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugs.php.net/bug.php?id=75968", "name" : "https://bugs.php.net/bug.php?id=75968", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22", "name" : "https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22", "name" : "https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8", "name" : "https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8", "name" : "https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3766-1/", "name" : "USN-3766-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3766-1/", "name" : "USN-3766-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4279-1/", "name" : "USN-4279-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4279-1/", "name" : "USN-4279-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.futureweb.at/security/CVE-2015-9253/", "name" : "https://www.futureweb.at/security/CVE-2015-9253/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.futureweb.at/security/CVE-2015-9253/", "name" : "https://www.futureweb.at/security/CVE-2015-9253/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.2.0", "versionEndExcluding" : "7.2.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:7.3.0:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:7.3.0:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.1.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-19T19:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9254", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Datto ALTO and SIRIS devices have a default VNC password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T06:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9255", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T06:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9256", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T06:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9257", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1", "name" : "https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1", "name" : "https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_action_request_system:9.0.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_action_request_system:9.0.00.001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_action_request_system:9.0.00.002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_action_request_system:9.0.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmc:remedy_action_request_system:9.0.01.001:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-24T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9258", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.docker.com/notary/changelog/", "name" : "https://docs.docker.com/notary/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.docker.com/notary/changelog/", "name" : "https://docs.docker.com/notary/changelog/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "name" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "name" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:notary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-31T21:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9259", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.docker.com/notary/changelog/", "name" : "https://docs.docker.com/notary/changelog/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.docker.com/notary/changelog/", "name" : "https://docs.docker.com/notary/changelog/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "name" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "name" : "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:docker:notary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-31T21:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9260", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html", "name" : "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html", "name" : "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", "name" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", "name" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/bedita/bedita/releases/tag/v3.7.0", "name" : "https://github.com/bedita/bedita/releases/tag/v3.7.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/bedita/bedita/releases/tag/v3.7.0", "name" : "https://github.com/bedita/bedita/releases/tag/v3.7.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cybersecurityworks/Disclosed/issues/8", "name" : "https://github.com/cybersecurityworks/Disclosed/issues/8", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/cybersecurityworks/Disclosed/issues/8", "name" : "https://github.com/cybersecurityworks/Disclosed/issues/8", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-05T02:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9261", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "name" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "name" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "name" : "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "name" : "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "name" : "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "name" : "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://seclists.org/fulldisclosure/2019/Jun/18", "name" : "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2019/Jun/18", "name" : "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2019/Sep/7", "name" : "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2019/Sep/7", "name" : "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2020/Aug/20", "name" : "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2020/Aug/20", "name" : "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2022/Jun/36", "name" : "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2022/Jun/36", "name" : "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/25/3", "name" : "http://www.openwall.com/lists/oss-security/2015/10/25/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2015/10/25/3", "name" : "http://www.openwall.com/lists/oss-security/2015/10/25/3", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/803097", "name" : "https://bugs.debian.org/803097", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/803097", "name" : "https://bugs.debian.org/803097", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", "name" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", "name" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "name" : "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "name" : "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/14", "name" : "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/14", "name" : "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Sep/7", "name" : "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Sep/7", "name" : "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3935-1/", "name" : "USN-3935-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3935-1/", "name" : "USN-3935-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-26T19:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9262", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:3059", "name" : "RHSA-2018:3059", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3059", "name" : "RHSA-2018:3059", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3505", "name" : "RHSA-2018:3505", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3505", "name" : "RHSA-2018:3505", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=90857", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=90857", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=90857", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=90857", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05", "name" : "https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05", "name" : "https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html", "name" : "[debian-lts-announce] 20180818 [SECURITY] [DLA-1469-1] libxcursor security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html", "name" : "[debian-lts-announce] 20180818 [SECURITY] [DLA-1469-1] libxcursor security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3729-1/", "name" : "USN-3729-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3729-1/", "name" : "USN-3729-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.15", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-01T23:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9263", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/37888/", "name" : "37888", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/37888/", "name" : "37888", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", "name" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", "name" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:idera:uptime_infrastructure_monitor:7.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:idera:uptime_infrastructure_monitor:7.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-27T04:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9264", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update/", "name" : "https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update/", "name" : "https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.2.0.90", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0.19", "versionEndIncluding" : "6.0.0.45", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.3.0.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-27T04:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9265", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14622. Reason: This candidate is a reservation duplicate of CVE-2018-14622. Notes: All CVE users should reference CVE-2018-14622 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-30T13:29Z", "lastModifiedDate" : "2023-11-07T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9266", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", "name" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", "name" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/73480", "name" : "https://hackerone.com/reports/73480", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/73480", "name" : "https://hackerone.com/reports/73480", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/39701/", "name" : "39701", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39701/", "name" : "39701", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39853/", "name" : "39853", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/39853/", "name" : "39853", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", "name" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", "name" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airmax_ac_firmware:7.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airmax_m_xm_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_m_xm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airmax_m_xw_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_m_xw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airmax_m_ti_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_m_ti:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airgateway_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.15", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airgateway:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airfiber_af24_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airfiber_af24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airfiber_af24hd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airfiber_af24hd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:af5x_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:af5x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:af5_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:af5:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:airos_4_xs2:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:airos_4_xs5:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:edgeswitch_xp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:edgeswitch_xp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-05T20:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9267", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN68418039/index.html", "name" : "JVN#68418039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://jvn.jp/en/jp/JVN68418039/index.html", "name" : "JVN#68418039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html", "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html", "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/nsis/bugs/1125/", "name" : "https://sourceforge.net/p/nsis/bugs/1125/", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/nsis/bugs/1125/", "name" : "https://sourceforge.net/p/nsis/bugs/1125/", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.49", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-01T08:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9268", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN68418039/index.html", "name" : "JVN#68418039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://jvn.jp/en/jp/JVN68418039/index.html", "name" : "JVN#68418039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html", "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html", "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/nsis/bugs/1125/", "name" : "https://sourceforge.net/p/nsis/bugs/1125/", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/nsis/bugs/1125/", "name" : "https://sourceforge.net/p/nsis/bugs/1125/", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.49", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-10-01T08:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9269", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/fulldisclosure/2015/Jul/97", "name" : "https://seclists.org/fulldisclosure/2015/Jul/97", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jul/97", "name" : "https://seclists.org/fulldisclosure/2015/Jul/97", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers", "name" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers", "name" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/19/1", "name" : "https://www.openwall.com/lists/oss-security/2015/07/19/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/19/1", "name" : "https://www.openwall.com/lists/oss-security/2015/07/19/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-01T23:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9270", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/fulldisclosure/2015/Jul/125", "name" : "https://seclists.org/fulldisclosure/2015/Jul/125", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/fulldisclosure/2015/Jul/125", "name" : "https://seclists.org/fulldisclosure/2015/Jul/125", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/the-holiday-calendar/#developers", "name" : "https://wordpress.org/plugins/the-holiday-calendar/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/the-holiday-calendar/#developers", "name" : "https://wordpress.org/plugins/the-holiday-calendar/#developers", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theholidaycalendar:holiday_calendar:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.11.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-10-01T23:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9271", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapidlabs.com/advisory.php?v=116", "name" : "http://www.vapidlabs.com/advisory.php?v=116", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=116", "name" : "http://www.vapidlabs.com/advisory.php?v=116", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when \"html\" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videowhisper:video_conference:4.91.8:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-04T23:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9272", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vapidlabs.com/advisory.php?v=117", "name" : "http://www.vapidlabs.com/advisory.php?v=117", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.vapidlabs.com/advisory.php?v=117", "name" : "http://www.vapidlabs.com/advisory.php?v=117", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/04/01/2", "name" : "https://www.openwall.com/lists/oss-security/2015/04/01/2", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/04/01/2", "name" : "https://www.openwall.com/lists/oss-security/2015/04/01/2", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when \"html\" are the last four characters, as demonstrated by a .phtml file containing PHP code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:videowhisper:video_presentation:3.31.17:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-05T06:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9273", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", "name" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", "name" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1204104", "name" : "https://plugins.trac.wordpress.org/changeset/1204104", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/1204104", "name" : "https://plugins.trac.wordpress.org/changeset/1204104", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/30/1", "name" : "https://www.openwall.com/lists/oss-security/2015/07/30/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/07/30/1", "name" : "https://www.openwall.com/lists/oss-security/2015/07/30/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.1.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-10-07T17:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9274", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", "name" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", "name" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-11-15T06:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9275", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html", "name" : "openSUSE-SU-2020:0103", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html", "name" : "openSUSE-SU-2020:0103", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugs.debian.org/774527", "name" : "https://bugs.debian.org/774527", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/774527", "name" : "https://bugs.debian.org/774527", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179142", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179142", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179142", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179142", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ARC 5.21q allows directory traversal via a full pathname in an archive file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arc_project:arc:5.21q:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-07T18:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9276", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "name" : "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "name" : "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.smartertools.com/smartermail/release-notes/13", "name" : "https://www.smartertools.com/smartermail/release-notes/13", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.smartertools.com/smartermail/release-notes/13", "name" : "https://www.smartertools.com/smartermail/release-notes/13", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.3.5535", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9277", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because \"/../\" and \"/.. /\" are mishandled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.60", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9278", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.60", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9279", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MailEnable before 8.60 allows Stored XSS via malformed use of \"\" character in the body of an e-mail message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.60", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9280", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory", "Vendor Advisory" ] }, { "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory", "Vendor Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "versionEndExcluding" : "8.60", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 10.0, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9281", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.sas.com/kb/55/537.html", "name" : "http://support.sas.com/kb/55/537.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://support.sas.com/kb/55/537.html", "name" : "http://support.sas.com/kb/55/537.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_5:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:hpe:hp-ux_ipfilter:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-01-17T01:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9282", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/grafana/grafana/issues/4117", "name" : "https://github.com/grafana/grafana/issues/4117", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/grafana/grafana/issues/4117", "name" : "https://github.com/grafana/grafana/issues/4117", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/grafana/piechart-panel/issues/3", "name" : "https://github.com/grafana/piechart-panel/issues/3", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/grafana/piechart-panel/issues/3", "name" : "https://github.com/grafana/piechart-panel/issues/3", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/grafana/piechart-panel/pull/163", "name" : "https://github.com/grafana/piechart-panel/pull/163", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/grafana/piechart-panel/pull/163", "name" : "https://github.com/grafana/piechart-panel/pull/163", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html", "name" : "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html", "name" : "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:grafana:piechart-panel:*:*:*:*:*:grafana:*:*", "versionEndIncluding" : "1.3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-02-06T19:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9284", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/omniauth/omniauth/pull/809", "name" : "https://github.com/omniauth/omniauth/pull/809", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/omniauth/omniauth/pull/809", "name" : "https://github.com/omniauth/omniauth/pull/809", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284", "name" : "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284", "name" : "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://github.com/omniauth/omniauth-rails/pull/1", "name" : "https://github.com/omniauth/omniauth-rails/pull/1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/omniauth/omniauth-rails/pull/1", "name" : "https://github.com/omniauth/omniauth-rails/pull/1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/05/26/11", "name" : "[oss-security] 20150526 CVE Request: CSRF vulnerability in OmniAuth request phase", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2015/05/26/11", "name" : "[oss-security] 20150526 CVE Request: CSRF vulnerability in OmniAuth request phase", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omniauth:omniauth:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-26T15:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9285", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/esotalk/esoTalk/issues/444", "name" : "https://github.com/esotalk/esoTalk/issues/444", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/esotalk/esoTalk/issues/444", "name" : "https://github.com/esotalk/esoTalk/issues/444", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.openwall.net/full-disclosure/2015/12/23/13", "name" : "https://lists.openwall.net/full-disclosure/2015/12/23/13", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.openwall.net/full-disclosure/2015/12/23/13", "name" : "https://lists.openwall.net/full-disclosure/2015/12/23/13", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esotalk:esotalk:1.0.0:g4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-29T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9286", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "name" : "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "name" : "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/NodeBB/NodeBB/pull/3371", "name" : "https://github.com/NodeBB/NodeBB/pull/3371", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/NodeBB/NodeBB/pull/3371", "name" : "https://github.com/NodeBB/NodeBB/pull/3371", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "name" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "name" : "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=1608", "name" : "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=1608", "name" : "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-30T14:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9287", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://doi.org/10.1007/978-3-030-03251-7_1", "name" : "https://doi.org/10.1007/978-3-030-03251-7_1", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://doi.org/10.1007/978-3-030-03251-7_1", "name" : "https://doi.org/10.1007/978-3-030-03251-7_1", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/grymer/CVE", "name" : "https://github.com/grymer/CVE", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/grymer/CVE", "name" : "https://github.com/grymer/CVE", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field (\"kid\") of the IdP's HTTP response message (\"WLS-Response\") can be manipulated by an attacker. The \"kid\" field is not signed like the rest of the message, and manipulation is therefore trivial. The \"kid\" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cam:the_university_of_cambridge_web_authentication_system_apache_authentication_agent:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-13T16:29Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9288", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/", "name" : "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/", "name" : "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unity:web_player:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndExcluding" : "5.0.3f2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unity:web_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.6.6f2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-29T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9289", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c", "name" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c", "name" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/1fa2337a315a2448c5434f41e00d56b01a22283c", "name" : "https://github.com/torvalds/linux/commit/1fa2337a315a2448c5434f41e00d56b01a22283c", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/1fa2337a315a2448c5434f41e00d56b01a22283c", "name" : "https://github.com/torvalds/linux/commit/1fa2337a315a2448c5434f41e00d56b01a22283c", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4", "name" : "https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4", "name" : "https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-27T22:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9290", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html", "name" : "[debian-lts-announce] 20190815 [SECURITY] [DLA 1887-1] freetype security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html", "name" : "[debian-lts-announce] 20190815 [SECURITY] [DLA 1887-1] freetype security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://savannah.nongnu.org/bugs/?45923", "name" : "https://savannah.nongnu.org/bugs/?45923", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://savannah.nongnu.org/bugs/?45923", "name" : "https://savannah.nongnu.org/bugs/?45923", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://support.f5.com/csp/article/K38315305", "name" : "https://support.f5.com/csp/article/K38315305", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K38315305", "name" : "https://support.f5.com/csp/article/K38315305", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-30T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9291", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.cpanel.net/display/CL/11.52+Change+Log", "name" : "https://documentation.cpanel.net/display/CL/11.52+Change+Log", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.cpanel.net/display/CL/11.52+Change+Log", "name" : "https://documentation.cpanel.net/display/CL/11.52+Change+Log", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.52.0.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-01T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9292", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/issue/WLB-2015040034", "name" : "https://cxsecurity.com/issue/WLB-2015040034", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cxsecurity.com/issue/WLB-2015040034", "name" : "https://cxsecurity.com/issue/WLB-2015040034", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:6kbbs:6kbbs:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:6kbbs:6kbbs:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-08T21:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9293", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tipsandtricks-hq:all_in_one_wp_security_\\&_firewall:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.9.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9294", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tipsandtricks-hq:all_in_one_wp_security_\\&_firewall:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.9.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9295", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/contact-form-plugin/#developers", "name" : "https://wordpress.org/plugins/contact-form-plugin/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/contact-form-plugin/#developers", "name" : "https://wordpress.org/plugins/contact-form-plugin/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The contact-form-plugin plugin before 3.96 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:contact_form:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.96", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9296", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/download-monitor/#developers", "name" : "https://wordpress.org/plugins/download-monitor/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/download-monitor/#developers", "name" : "https://wordpress.org/plugins/download-monitor/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:never5:download_monitor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9297", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9761", "name" : "https://wpvulndb.com/vulnerabilities/9761", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9761", "name" : "https://wpvulndb.com/vulnerabilities/9761", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The events-manager plugin before 5.6 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9761", "name" : "https://wpvulndb.com/vulnerabilities/9761", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9761", "name" : "https://wpvulndb.com/vulnerabilities/9761", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The events-manager plugin before 5.6 for WordPress has code injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9299", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.5.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9300", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/events-manager/#developers", "name" : "https://wordpress.org/plugins/events-manager/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9301", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/liveforms/#developers", "name" : "https://wordpress.org/plugins/liveforms/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/liveforms/#developers", "name" : "https://wordpress.org/plugins/liveforms/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The liveforms plugin before 3.2.0 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:w3eden:live_forms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9302", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/simple-fields/#developers", "name" : "https://wordpress.org/plugins/simple-fields/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/simple-fields/#developers", "name" : "https://wordpress.org/plugins/simple-fields/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8342", "name" : "https://wpvulndb.com/vulnerabilities/8342", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8342", "name" : "https://wpvulndb.com/vulnerabilities/8342", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The simple-fields plugin before 1.4.11 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simple_fields_project:simple_fields:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-13T17:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9303", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/simple-share-buttons-adder/#developers", "name" : "https://wordpress.org/plugins/simple-share-buttons-adder/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wordpress.org/plugins/simple-share-buttons-adder/#developers", "name" : "https://wordpress.org/plugins/simple-share-buttons-adder/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simplesharebuttons:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-12T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9304", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/ultimate-member/#developers", "name" : "https://wordpress.org/plugins/ultimate-member/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/ultimate-member/#developers", "name" : "https://wordpress.org/plugins/ultimate-member/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9764", "name" : "https://wpvulndb.com/vulnerabilities/9764", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9764", "name" : "https://wpvulndb.com/vulnerabilities/9764", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-12T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9305", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weplugins:wp_maps:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-12T15:15Z", "lastModifiedDate" : "2025-05-07T13:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9306", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers", "name" : "https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers", "name" : "https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-12T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9307", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weplugins:wp_maps:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T16:15Z", "lastModifiedDate" : "2025-05-07T13:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9308", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weplugins:wp_maps:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T16:15Z", "lastModifiedDate" : "2025-05-07T13:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9309", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9766", "name" : "https://wpvulndb.com/vulnerabilities/9766", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weplugins:wp_maps:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T16:15Z", "lastModifiedDate" : "2025-05-07T13:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9310", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tipsandtricks-hq:all_in_one_wp_security_\\&_firewall:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.9.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-14T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9311", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The newstatpress plugin before 1.0.6 for WordPress has reflected XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9312", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9313", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9314", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9315", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newstatpress/#developers", "name" : "https://wordpress.org/plugins/newstatpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The newstatpress plugin before 1.0.1 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9316", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-fastest-cache/#developers", "name" : "https://wordpress.org/plugins/wp-fastest-cache/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-fastest-cache/#developers", "name" : "https://wordpress.org/plugins/wp-fastest-cache/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/38678", "name" : "https://www.exploit-db.com/exploits/38678", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/38678", "name" : "https://www.exploit-db.com/exploits/38678", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.8.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-14T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9317", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/awesome-support/#developers", "name" : "https://wordpress.org/plugins/awesome-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/awesome-support/#developers", "name" : "https://wordpress.org/plugins/awesome-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9318", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/awesome-support/#developers", "name" : "https://wordpress.org/plugins/awesome-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/awesome-support/#developers", "name" : "https://wordpress.org/plugins/awesome-support/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9319", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/gregs-high-performance-seo/#developers", "name" : "https://wordpress.org/plugins/gregs-high-performance-seo/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/gregs-high-performance-seo/#developers", "name" : "https://wordpress.org/plugins/gregs-high-performance-seo/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:greg\\'s_high_performance_seo_project:greg\\'s_high_performance_seo:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9320", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/option-tree/#developers", "name" : "https://wordpress.org/plugins/option-tree/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/option-tree/#developers", "name" : "https://wordpress.org/plugins/option-tree/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9769", "name" : "https://wpvulndb.com/vulnerabilities/9769", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9769", "name" : "https://wpvulndb.com/vulnerabilities/9769", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:optiontree_project:optiontree:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T16:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9321", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/shortcode-factory/#developers", "name" : "https://wordpress.org/plugins/shortcode-factory/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/shortcode-factory/#developers", "name" : "https://wordpress.org/plugins/shortcode-factory/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmadeeasy:shortcode_factory:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9322", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers", "name" : "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers", "name" : "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:erident_custom_login_and_dashboard_project:erident_custom_login_and_dashboard:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-16T21:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9323", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2015-9323", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2015-9323", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2015-9323", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2015-9323", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/404-to-301/#developers", "name" : "https://wordpress.org/plugins/404-to-301/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/404-to-301/#developers", "name" : "https://wordpress.org/plugins/404-to-301/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:duckdev:404_to_301:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-16T21:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9324", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/easy-digital-downloads/#developers", "name" : "https://wordpress.org/plugins/easy-digital-downloads/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy-digital-downloads/#developers", "name" : "https://wordpress.org/plugins/easy-digital-downloads/#developers", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9770", "name" : "https://wpvulndb.com/vulnerabilities/9770", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9770", "name" : "https://wpvulndb.com/vulnerabilities/9770", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-16T21:15Z", "lastModifiedDate" : "2025-02-07T19:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9325", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/visitors-online/#developers", "name" : "https://wordpress.org/plugins/visitors-online/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/visitors-online/#developers", "name" : "https://wordpress.org/plugins/visitors-online/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The visitors-online plugin before 0.4 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:visitors_online:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-16T14:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9326", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-business-intelligence-lite/#developers", "name" : "https://wordpress.org/plugins/wp-business-intelligence-lite/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-business-intelligence-lite/#developers", "name" : "https://wordpress.org/plugins/wp-business-intelligence-lite/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpbusinessintelligence:wp_business_intelligence:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "1.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-16T14:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9327", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/flickr-justified-gallery/#developers", "name" : "https://wordpress.org/plugins/flickr-justified-gallery/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/flickr-justified-gallery/#developers", "name" : "https://wordpress.org/plugins/flickr-justified-gallery/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flickr_justified_gallery_project:flickr_justified_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T18:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9328", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The profile-builder plugin before 2.2.5 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-21T18:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9329", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9330", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9331", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-all-import/#developers", "name" : "https://wordpress.org/plugins/wp-all-import/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9332", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/uninstall/#developers", "name" : "https://wordpress.org/plugins/uninstall/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/uninstall/#developers", "name" : "https://wordpress.org/plugins/uninstall/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordpress_uninstall_project:wordpress_uninstall:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-20T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9333", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cforms2/#developers", "name" : "https://wordpress.org/plugins/cforms2/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9773", "name" : "https://wpvulndb.com/vulnerabilities/9773", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/9773", "name" : "https://wpvulndb.com/vulnerabilities/9773", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cforms2 plugin before 14.6.10 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cformsii_project:cformsii:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "14.6.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9334", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/email-newsletter/#developers", "name" : "https://wordpress.org/plugins/email-newsletter/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/email-newsletter/#developers", "name" : "https://wordpress.org/plugins/email-newsletter/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/email-newsletter/advanced/", "name" : "https://wordpress.org/plugins/email-newsletter/advanced/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/email-newsletter/advanced/", "name" : "https://wordpress.org/plugins/email-newsletter/advanced/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/", "name" : "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/", "name" : "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The email-newsletter plugin through 20.15 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:email-newsletter_project:email-newsletter:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "20.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9335", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/limit-attempts/#developers", "name" : "https://wordpress.org/plugins/limit-attempts/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/limit-attempts/#developers", "name" : "https://wordpress.org/plugins/limit-attempts/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:limit_attempts:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9336", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/clean-login/#developers", "name" : "https://wordpress.org/plugins/clean-login/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/clean-login/#developers", "name" : "https://wordpress.org/plugins/clean-login/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The clean-login plugin before 1.5.1 for WordPress has reflected XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codection:clean_login:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-22T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9337", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/profile-builder/#developers", "name" : "https://wordpress.org/plugins/profile-builder/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T14:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9339", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9340", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T20:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9341", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-file-upload/#developers", "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-22T19:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9342", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-rollback/#developers", "name" : "https://wordpress.org/plugins/wp-rollback/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-rollback/#developers", "name" : "https://wordpress.org/plugins/wp-rollback/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-rollback plugin before 1.2.3 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:impress:wp_rollback:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9343", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-rollback/#developers", "name" : "https://wordpress.org/plugins/wp-rollback/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-rollback/#developers", "name" : "https://wordpress.org/plugins/wp-rollback/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-rollback plugin before 1.2.3 for WordPress has CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:impress:wp_rollback:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9344", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/link-log/#developers", "name" : "https://wordpress.org/plugins/link-log/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/link-log/#developers", "name" : "https://wordpress.org/plugins/link-log/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The link-log plugin before 2.1 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perafox:link_log:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9345", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/link-log/#developers", "name" : "https://wordpress.org/plugins/link-log/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/link-log/#developers", "name" : "https://wordpress.org/plugins/link-log/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The link-log plugin before 2.0 for WordPress has HTTP Response Splitting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:petersplugins:link_log:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9346", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cp-polls/#developers", "name" : "https://wordpress.org/plugins/cp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/cp-polls/#developers", "name" : "https://wordpress.org/plugins/cp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cp-polls plugin before 1.0.5 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:polls_cp:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9347", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-plotly/#developers", "name" : "https://wordpress.org/plugins/wp-plotly/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-plotly/#developers", "name" : "https://wordpress.org/plugins/wp-plotly/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plot:plotly:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9348", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/sell-downloads/#developers", "name" : "https://wordpress.org/plugins/sell-downloads/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/sell-downloads/#developers", "name" : "https://wordpress.org/plugins/sell-downloads/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:sell_downloads:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9349", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/ckeditor-for-wordpress/#developers", "name" : "https://wordpress.org/plugins/ckeditor-for-wordpress/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/ckeditor-for-wordpress/#developers", "name" : "https://wordpress.org/plugins/ckeditor-for-wordpress/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the \"built-in (old)\" file browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cksource:ckeditor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.5.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9350", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/feed-them-social/#developers", "name" : "https://wordpress.org/plugins/feed-them-social/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/feed-them-social/#developers", "name" : "https://wordpress.org/plugins/feed-them-social/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slickremix:feed_them_social:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-27T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9351", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/feed-them-social/#developers", "name" : "https://wordpress.org/plugins/feed-them-social/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/feed-them-social/#developers", "name" : "https://wordpress.org/plugins/feed-them-social/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slickremix:feed_them_social:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9352", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-polls/#developers", "name" : "https://wordpress.org/plugins/wp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://wordpress.org/plugins/wp-polls/#developers", "name" : "https://wordpress.org/plugins/wp-polls/#developers", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-polls plugin before 2.72 for WordPress has SQL injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-polls_project:wp-polls:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.72", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-27T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9353", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/gigpress/#developers", "name" : "https://wordpress.org/plugins/gigpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/gigpress/#developers", "name" : "https://wordpress.org/plugins/gigpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tri:gigpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9354", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/gigpress/#developers", "name" : "https://wordpress.org/plugins/gigpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/gigpress/#developers", "name" : "https://wordpress.org/plugins/gigpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The gigpress plugin before 2.3.11 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tri.be:gigpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9355", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/two-factor-authentication/#developers", "name" : "https://wordpress.org/plugins/two-factor-authentication/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/two-factor-authentication/#developers", "name" : "https://wordpress.org/plugins/two-factor-authentication/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simbahosting:two-factor-authentication:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/", "name" : "https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/", "name" : "https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-vipergb/#developers", "name" : "https://wordpress.org/plugins/wp-vipergb/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-vipergb/#developers", "name" : "https://wordpress.org/plugins/wp-vipergb/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-vipergb_project:wp-vipergb:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9357", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/akismet/#developers", "name" : "https://wordpress.org/plugins/akismet/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/akismet/#developers", "name" : "https://wordpress.org/plugins/akismet/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The akismet plugin before 3.1.5 for WordPress has XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:akismet:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9358", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/feedwordpress/#developers", "name" : "https://wordpress.org/plugins/feedwordpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/feedwordpress/#developers", "name" : "https://wordpress.org/plugins/feedwordpress/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2015.0514", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9359", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/", "name" : "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/", "name" : "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T15:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9360", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://updraftplus.com/new-security-vulnerability-found-across-significant-numbers-of-wordpress-plugins-including-updraftplus/", "name" : "https://updraftplus.com/new-security-vulnerability-found-across-significant-numbers-of-wordpress-plugins-including-updraftplus/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://updraftplus.com/new-security-vulnerability-found-across-significant-numbers-of-wordpress-plugins-including-updraftplus/", "name" : "https://updraftplus.com/new-security-vulnerability-found-across-significant-numbers-of-wordpress-plugins-including-updraftplus/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.9.64", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9361", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.barrykooij.com/several-security-updates-released/", "name" : "https://www.barrykooij.com/several-security-updates-released/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.barrykooij.com/several-security-updates-released/", "name" : "https://www.barrykooij.com/several-security-updates-released/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:never5:related_posts:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.8.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9362", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.barrykooij.com/several-security-updates-released/", "name" : "https://www.barrykooij.com/several-security-updates-released/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.barrykooij.com/several-security-updates-released/", "name" : "https://www.barrykooij.com/several-security-updates-released/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:never5:post_connector:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9363", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:exchange:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9364", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:2checkout:ithemes_2checkout:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9365", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:authorize.net:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9366", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:custom_url_tracking:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9367", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:easy_canadian_sales_taxes:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9368", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:easy_eu_value_added_\\(vat\\)_taxes:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T12:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9369", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:easy_us_sales_taxes:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9370", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:invoices:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9371", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:manual_purchases:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9372", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:membership:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9373", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webdevstudios:ithemes_paypal_pro:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9374", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:stripe:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9375", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:table_rate_shipping:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9376", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:mobile:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9377", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:builder_theme_depot:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.0.30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9378", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:builder_theme_market:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.1.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9379", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "name" : "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "name" : "https://ithemes.com/coordinated-wordpress-plugin-security-update/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ithemes:builder_style_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-28T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9380", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/photo-gallery/#developers", "name" : "https://wordpress.org/plugins/photo-gallery/#developers", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/photo-gallery/#developers", "name" : "https://wordpress.org/plugins/photo-gallery/#developers", "refsource" : "", "tags" : [ "Product", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/", "name" : "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/", "name" : "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/7225", "name" : "https://wpvulndb.com/vulnerabilities/7225", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/7225", "name" : "https://wpvulndb.com/vulnerabilities/7225", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The photo-gallery plugin before 1.2.42 for WordPress has CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.42", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-30T13:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9381", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:4254", "name" : "RHSA-2019:4254", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:4254", "name" : "RHSA-2019:4254", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html", "name" : "[debian-lts-announce] 20190904 [SECURITY] [DLA 1909-1] freetype security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html", "name" : "[debian-lts-announce] 20190904 [SECURITY] [DLA 1909-1] freetype security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://savannah.nongnu.org/bugs/?45955", "name" : "https://savannah.nongnu.org/bugs/?45955", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://savannah.nongnu.org/bugs/?45955", "name" : "https://savannah.nongnu.org/bugs/?45955", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4126-2/", "name" : "USN-4126-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4126-2/", "name" : "USN-4126-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-09-03T05:15Z", "lastModifiedDate" : "2024-11-21T02:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2015-9382", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73", "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:4254", "name" : "RHSA-2019:4254", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:4254", "name" : "RHSA-2019:4254", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html", "name" : "[debian-lts-announce] 20190904 [SECURITY] [DLA 1909-1] freetype security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html", "name" : "[debian-lts-announce] 20190904 [SECURITY] [DLA 1909-1] freetype security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://savannah.nongnu.org/bugs/?45922", "name" : "https://savannah.nongnu.org/bugs/?45922", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://savannah.nongnu.org/bugs/?45922", "name" : "https://savannah.nongnu.org/bugs/?45922", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/4126-2/", "name" : "USN-4126-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4126-2/", "name" : "USN-4126-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "atta